All scripts
fault
Expert
1–3 min

STP Loop Detector

Spanning-tree topology change forensics: TCN flood detection, root bridge verification, blocked port audit, BPDU guard/filter violations, PVST+ inconsistency across VLANs, and loop-risk scoring.

Cisco IOS/NX-OS
Arista
HP/Aruba
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • TCN rate & source tracking
  • Root bridge per-VLAN verify
  • Blocked port inventory
  • BPDU guard violation log
  • PVST+ VLAN inconsistency
  • Port-fast on trunk detection
  • Loop risk score 0–100

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Expected root bridge MAC
expected_root
string
TCN alert threshold /min
tcn_threshold
number5
Check PVST consistency
check_pvst
booltrue
VLAN range to check
vlan_range
string1-4094

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Cisco IOS/NX-OS, Arista, HP/Aruba) so the generated fault logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Expected root bridge MAC, TCN alert threshold /min, Check PVST consistency instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can tCN rate & source tracking and root bridge per-VLAN verify. Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

switches.csv
csv
12 dist+access switches across two DCs (Cisco + Arista)
terminal
hostname,mgmt_ip,site,role,vendor,os,stack_size,vlan_count,uplink_speed
dist-sw-01,10.40.0.11,LON1-DC,distribution,cisco,iosxe-17.9,1,148,40G
dist-sw-02,10.40.0.12,LON1-DC,distribution,cisco,iosxe-17.9,1,148,40G
dist-sw-03,10.40.0.13,FRA1-DC,distribution,arista,eos-4.31.2F,1,124,40G
expected_roots.yaml
yaml
Per-VLAN-range root/secondary expectations + BPDU-guard policy
yaml
# Per-VLAN expected root bridge (used for primary/secondary verification)
expected_roots:
  - vlan_range: 10-99      # user VLANs
    primary: dist-sw-01

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
[14:45:11] STP topology analysis — 12 switches, 47 VLANs

ROOT BRIDGE VERIFICATION
  VLAN 1:    Expected 00:1A:2B:3C:4D:5E  |  Actual 00:1A:2B:3C:4D:5E  ✓
  VLAN 100:  Expected 00:1A:2B:3C:4D:5E  |  Actual AA:BB:CC:DD:EE:FF  ✗ MISMATCH!
  VLAN 200:  Expected 00:1A:2B:3C:4D:5E  |  Actual 00:1A:2B:3C:4D:5E  ✓

[CRITICAL] VLAN 100 root bridge mismatch!
  Expected: core-sw-01 (00:1A:2B:3C:4D:5E)
  Actual:   access-sw-07 (AA:BB:CC:DD:EE:FF) — rogue root detected