Spanning TreeCCNA 200-301

Loop Guard Putting Port in Loop-Inconsistent State

Presenting Symptom

A switch port that should be forwarding traffic is stuck in the loop-inconsistent state, preventing traffic from passing through that link.

Network Context

The network is a small enterprise campus with two distribution switches (Cisco Catalyst 3750-X running IOS 15.0) connected via a redundant trunk link. Spanning Tree Protocol (STP) is enabled with Rapid PVST+, and Loop Guard is configured on the redundant trunk ports to prevent loops. The problem occurs on one of the trunk ports connecting the two distribution switches.

Diagnostic Steps

Check interface status

show interfaces status

Port      Name               Status       Vlan    Duplex Speed Type
Gi1/0/1   Trunk to Dist2     loop-inconsistent  trunk    full   1000 10/100/1000BaseTX

The port status shows 'loop-inconsistent' instead of 'connected' or 'notconnect'. This indicates that Loop Guard has placed the port into an inconsistent state because it did not receive BPDUs on a point-to-point link.

Verify Spanning Tree interface details

show spanning-tree interface gigabitEthernet 1/0/1 detail

Port 1 (GigabitEthernet1/0/1) of VLAN0001 is forwarding
  Port path cost 4, Port priority 128, Port Identifier 128.1.
  Designated root has priority 32769, address 0011.2233.4455
  Designated bridge has priority 32769, address 0011.2233.4455
  Designated port id is 128.1, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  Loop guard is enabled on the port
  BPDU: sent 100, received 0
  Loop guard inconsistent state: yes

The output shows 'Loop guard inconsistent state: yes' and 'BPDU: sent 100, received 0'. This confirms that the port is not receiving BPDUs from the neighbor, causing Loop Guard to block the port.

Check neighbor switch's interface

show spanning-tree interface gigabitEthernet 1/0/1 detail (on the neighbor switch)

Port 1 (GigabitEthernet1/0/1) of VLAN0001 is forwarding
  ...
  BPDU: sent 100, received 100
  Loop guard inconsistent state: no

On the neighbor switch, the port is receiving BPDUs and is not in loop-inconsistent state. This suggests the issue is unidirectional: the local switch is not receiving BPDUs from the neighbor, possibly due to a hardware failure or misconfiguration on the local port.

Check for interface errors

show interfaces gigabitEthernet 1/0/1

GigabitEthernet1/0/1 is up, line protocol is up (looped)
  Hardware is Gigabit Ethernet, address is 0011.2233.4455 (bia 0011.2233.4455)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

The interface shows no input errors, but the line protocol is 'up (looped)'. This is unusual; normally it would be 'up' or 'down'. The 'looped' status indicates the port is in loop-inconsistent state. No CRC errors or other physical issues are present, so the problem is likely not a hardware fault but a configuration or STP issue.

Root Cause

Loop Guard is enabled on the port, and the port is not receiving BPDUs from the neighbor switch. This can happen if the neighbor switch has STP disabled on its port, or if there is a unidirectional link failure (e.g., fiber strand break) that prevents BPDUs from being received while the link appears up. In this case, the neighbor switch's port is configured with 'spanning-tree portfast trunk' which disables STP on that port, causing it to not send BPDUs. The local switch's Loop Guard then puts the port into loop-inconsistent state.

Resolution

On the neighbor switch, remove the 'spanning-tree portfast trunk' configuration from the trunk port to allow STP to operate normally and send BPDUs. Commands on neighbor switch: ``` interface GigabitEthernet1/0/1 no spanning-tree portfast trunk ``` Alternatively, if the port is intended to be a trunk, ensure STP is enabled. If Loop Guard is desired, both ends must have STP enabled and be capable of sending/receiving BPDUs.

Verification

After applying the fix, verify the port state on the local switch: ``` show spanning-tree interface gigabitEthernet 1/0/1 detail ``` Expected output: ``` Port 1 (GigabitEthernet1/0/1) of VLAN0001 is forwarding ... BPDU: sent 100, received 100 Loop guard inconsistent state: no ``` Also verify interface status: ``` show interfaces status ``` Expected output: ``` Port Name Status Vlan Duplex Speed Type Gi1/0/1 Trunk to Dist2 connected trunk full 1000 10/100/1000BaseTX ```

Prevention

["Ensure that STP is enabled on all switch ports that are part of a redundant topology, especially trunk ports. Avoid using 'spanning-tree portfast' on trunk ports unless absolutely necessary and only with proper understanding.","When using Loop Guard, ensure that both ends of a link are configured consistently and that BPDU transmission is not disabled on either side.","Implement UniDirectional Link Detection (UDLD) to detect and disable unidirectional links, which can cause similar symptoms."]

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario may appear in a troubleshooting multiple-choice question where you are given 'show spanning-tree' output showing a port in loop-inconsistent state. The exam tests your understanding of Loop Guard functionality and its interaction with STP. Key fact: Loop Guard places a port into loop-inconsistent state if it stops receiving BPDUs on a point-to-point link, preventing a loop. Candidates must know that this is different from BPDU Guard (which err-disables a port on BPDU reception).

Exam Tips

Memorize that Loop Guard blocks a port (loop-inconsistent) when BPDUs are not received, while BPDU Guard err-disables a port when BPDUs are received.

Remember that Loop Guard is typically used on root port or alternate port to prevent loops due to unidirectional link failures.

Know that 'show spanning-tree interface <int> detail' shows 'Loop guard inconsistent state: yes' when the port is blocked by Loop Guard.

Commands Used in This Scenario

show interfaces

Displays detailed status and statistics for all interfaces or a specific interface, used to verify interface operational state, errors, and performance.

show interfaces status

Displays a summary of all switch interfaces including their status, VLAN, duplex, speed, and type, used to quickly verify interface connectivity and configuration.

show spanning-tree

Displays the Spanning Tree Protocol (STP) state and configuration for all VLANs or a specific VLAN, used to verify root bridge, port roles, and STP topology.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions