Placing of STP features

Unanswered Question
Feb 2nd, 2008
User Badges:

From what i have read from the book, can i say that the placing of the following feature are correct from the below answer stated:


Only access switches where interface invlove end-user ports, cisco devices and server ports.


Only access switches where the number of active VLAN is limited.


Between Distribution and Core switches where link cores encounter direct failures.

BPDU Guard:

Only access switches where interface configure with portfast feature.

BPDU Filtering:

Only access switches where interface configure with portfast feature.

Root Guard:

Between distribution and access switches.

Loop Guard:

Between Core, Distribution and Core switches where link cores encounter indirect failures.


All Core, Distribution and Core switches where link cores encounter physically link failures.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Sun, 02/03/2008 - 07:47
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

>BPDU Filtering:

> Only access switches where interface configure with portfast feature.

Be careful with BPDU filtering, the global bpdufiltering behaves differently than the interface level bpdufiltering.

The global bpdufiltering removes the portfast feature along with the bpdufiltering feature from a switchport when a bpdu is received.

The interface bpdufiltering blocks the sending/receiving of bdpus and it's not associated to portfast at all.




simonstoll Mon, 02/04/2008 - 00:41
User Badges:


If you can, make it with Rapid Spanning Tree, so you don't have to worry about Uplinkfast and BackboneFast. About the other features: Best pratice for me is to enable Portfast on any port connecting to end devices, and then to switch on BPDU Guard on this ports as well (can be done with bpdu guard default on all portfast ports). Loopguard can be switched on on all Links facing to the STP Root, Rootguard on all Ports where you never to learn a bridge with higher priority as your current STP Root, and finally UDLD on alle Fiber Links interconnecting your switches.

That link shows all the feauters:


kian_hong2000 Tue, 02/12/2008 - 03:31
User Badges:

Thanks everyone for your information.

I got another questions. I read CCNP BCMSN Command Guide. I does not sure:

1) Why the book say that do not enable root guard on interfaces used by Uplinkfast?

2) From the example given by the book, i found out that root guard is place only at the switch which is in the block state. Why we cannot place it in other states such as forwarding or listening ?

s.arunkumar Tue, 02/12/2008 - 03:58
User Badges:
  • Bronze, 100 points or more


1.As mentioned in earlier post the root guard is used when the port should not become a root port or in otherwords dont expect any root (or superioir BPDU's) from that port.Now uplink fast is used when two uplink is there towards the root.Hence both contradict and so the uplinkfast interface cannot be enabled with root guard..

2.As far as i know ,root guard can be placed in port in forwarding states also( designated port)..

lets see what other have to say on this..

From where you read this..,can u pls provide the link or something..???


kian_hong2000 Tue, 02/12/2008 - 07:01
User Badges:

Hi arun,

Thanks for your answer. Oh, I found it in a book called "CCNP BCMSN Portable Command Guide", the author is "Scott Empson"

It can be found under Chapter 3. It show a figure of one core, two distribution and two access switches.

The core is dual link to two distribution switches A and B and two distribution switches are dual link to two access switches C and D. However, one of the access switches C's link is in block state.

The link connected from A, B and D are in forwarding state and the interfaces pointing to C have configure with root guard features

That is the reason why i can confuse with the root guard features. I am wondering is this features normally place at the link where it is in block state.


This Discussion