cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1482
Views
19
Helpful
14
Replies

Root Guard config

mirzaakberali
Level 1
Level 1

Hi ,

Please let me know where do we configure Root Guard & designated part means on which switch.

Also please let me know where do we configure Ip Helper Address on a switch/Router?

1 Accepted Solution

Accepted Solutions

Goutam,

Go ahead and configure the switch port as layer-3 port by issuing " no switchport " command. This should work for your and will be able to put the ip helper command on it.

HTH,

-amit singh

View solution in original post

14 Replies 14

aijaz802
Level 1
Level 1

Hi,

I think the following links will help you for root guard placement.

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

http://conft.com/univercd/cc/td/doc/product/lan/cat2960/12244se/scg1/swstpopt.htm

In the routers ip helper address is configured in the interface config mode, where as in switches its configured on layer 3 vlan and if any layer 3 physical interfaces.

Like...

interface Vlan11

ip address 10.0.0.2 255.255.255.0

ip helper-address 10.0.0.100

I hope it helps you.

Regards,

*aijaz*

Goutam Sanyal
Level 4
Level 4

Hi,

For Root Guard, pls visit:

http://cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

ip helper-address : IP helper-address is an interface configuration command and which is disable by default. To enable the forwarding of User Datagram Protocol (UDP) broadcasts, including BOOTP received on an interface.

As per Cisco: Forwards UDP broadcasts, including BOOTP, received on an interface.

Thanks & Regards

Goutam

Pls rate if it helps

Istvan_Rabai
Level 7
Level 7

Hi,

Root Guard is a feature to prevent another switch newly attached to the network from becoming a root bridge, and protect the network to reconverge.

You have to configure root guard on those ports where root bridge BPDUs are not expected at all, like user access ports.

Don't configure root guard on ports where BPDUs from the root are expected, otherwise you will block that port.

Helper address:

The "ip helper-address" command should be configured on the router interface which is directly connected to the LAN segment where DHCP hosts reside.

In other words it is the incoming interface for the DHCP discover and request packets (not the outgoing).

If you have more routers between the given LAN segment and the DHCP server, you do not need to configure "ip helper-address" on each router along the way:

The first router with its directly connected interface will convert DHCP broadcasts to unicasts and forward them to the DHCP server.

Of course, you need to have the approriate routes in the routers that will direct the packets between the DHCP hosts and the DHCP server.

Cheers:

Istvan

Appreciate for the valuable information!

I)But I have a query on Ip-Helper Address as you said we can configre "Ip-Helper on a Router interface which is directly connected to the LAN segment where DHCP hosts reside" along with this i believe you can keep the DHCP server in the other network segment as well to perform the same function if proper routing is enabled .

Also can we configure Ip-Helper address on L3 switch inteface ?

II) what is the diffrence in Root Guard and Loop Guard ?

Thanks,

Akber.

Hi,

I) No you can not at L3 Switches.

II) As per Cisco : BPDU guard and root guard are similar, but their impact is different. BPDU guard disables the port upon BPDU reception if PortFast is enabled on the port. The disablement effectively denies devices behind such ports from participation in STP. You must manually reenable the port that is put into errdisable state or configure errdisable-timeout.

Root guard allows the device to participate in STP as long as the device does not try to become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery occurs as soon as the offending device ceases to send superior BPDUs.

thanks

Goutam

Pls rate if it helps.

hi Goutan,

If i am not wrong we can configure Ip-Helper address on switch layer 3 interface.

Ex:-

Interface vlan 10

ip address 10.200.2.10 255.255.255.0

ip helper address x.x.x.x

Please answer me.

Regds,

Akber.

Hi Akber,

The question is "Also can we configure Ip-Helper address on L3 switch interface?" if I go for the physical interface then as per my knowledge it is not possible. If I go as per u then its possible. Pls find the below:

SW_L3(config)#int gi 0/4

SW_L3(config-if)#ip ?

Interface IP configuration subcommands:

access-group Specify access control for packets

arp Configure ARP features

dhcp DHCP

igmp IGMP interface commands

verify verify

SW_L3(config-if)#ip

SW_L3(config-if)#int vlan1

SW_L3(config-if)#ip ?

SW_L3(config-if)#ip helper-address ?

A.B.C.D IP destination address

Goutam :)

Goutam,

Go ahead and configure the switch port as layer-3 port by issuing " no switchport " command. This should work for your and will be able to put the ip helper command on it.

HTH,

-amit singh

Hi Amit,

I just realised that one can always learn something or other from a good company. Thanks :)

Goutam

Amit,

I believe we can configure ip-helper on L3 switch port with out no switch port command.( I have performed on a 6509 L3 switch)

Ex:-

interface gi 0/1

ip address x.x.x.x x.x.x.x

ip-helper address x.x.x.x

I think we cant perform a ip helper address with no switch port comand on l3 port.

Thnks,

Akber.

Appreciate if somebody can answer the above query.

Rgds,

Akber.

Akber,

Bydefault on Cisco 6500 switch running IOS all the ports are Layer-3 ports, so you dont need to put " no switchport " command. That's why you are also able to put an IP address on it because it is a layer 3 port. On other switches like 4500/3750/3560's your ports are L2 bydefault and you need to put " no switchport " command to make it L3 port and work the things out.

HTH, Please rate if it does.

-amit singh

Thanks for the inputs!

So that means Ip-Helper Address command on a Router and L2 switch as well with no switch port coomand .

Also i believe we can perform ip-helper on a l3 switch port.

Please confirm.

Thanks,

Akber.

Akber,

You can put an Ip-helper on a layer-3 interface br it on a router or L3 switch with SVI's or the L3 switchport.

HTH,

-amit singh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco