cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
370
Views
0
Helpful
2
Replies

Implenting Root Guard on a SPT campus

abelleli71
Level 1
Level 1

Hello

I have a doubt of how proceed in the implementation of the ROOT GUARD in my LAN

1. Its better to implement the ROOT GUARD ( per port config ) on the CORE switch (6509 ) or on the ACCESS switch ? ( 3550 )

2. Its correct to implement Root Guard and BPDU GUARD in the same switch ? The first works per port the 2nd works globally

Thanks for your suggestion !

2 Replies 2

ohassairi
Level 5
Level 5

1-tradionnaly core sw is the root. so it will be more simple to implement the ROOT GUARD ( on cascade/trunk port) on the CORE switch .

2-BPDU GUARD could be implemented globaly or per port:

Switch(config)# spanning-tree portfast bpduguard default

Switch(config-if)# spanning-tree bpduguard enable

if we implement BPDU guard i think we implement automatically root guard (in an implicit way).

it could be interresting to implement root guard on trunk/cascade ports and BPDU guard on access ports

cisco_lad2004
Level 5
Level 5

1-I would configure rootguard on untrusted boundaries, i.e access switch.

2-I prefer to have more control on bpduguard, so again I would apply it on access layer. I trust my uplink to the core and I expect to send and receive BPDUs there..so I only need it for access on untrusted ports.

HTH

Sam

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco