STP loop guard and root guard are supported on a port or port-channel enabled in
any Spanning Tree mode: Spanning Tree Protocol (STP), Rapid Spanning Tree
Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and Per-VLAN Spanning
Tree Plus (PVST+).
Root guard is supported on any STP-enabled port or port-channel except when
used as a stacking port. When enabled on a port, root guard applies to all VLANs
configured on the port.
STP root guard and loop guard cannot be enabled at the same time on a port. For
example, if you configure loop guard on a port on which root guard is already
configured, the following error message is displayed: % Error: RootGuard is
configured. Cannot configure LoopGuard.
Do not enable Portfast BPDU guard and loop guard at the same time on a port.
Enabling both features may result in a port that remains in a blocking state and
prevents traffic from flowing through it. For example, when Portfast BPDU guard
and loop guard are both configured:
• If a BPDU is received from a remote device, BPDU guard places the port in an
Err-Disabled Blocking state and no traffic is forwarded on the port.
• If no BPDU is received from a remote device, loop guard places the port in a
Loop-Inconsistent Blocking state and no traffic is forwarded on the port.
To display the type of STP guard (Portfast BPDU, root, or loop guard) enabled on a
port, enter the show spanning-tree 0 command.
Spanning Tree Protocol (STP) 1565