06-06-2008 02:36 AM - edited 03-05-2019 11:27 PM
Hello
I have a doubt of how proceed in the implementation of the ROOT GUARD in my LAN
1. Its better to implement the ROOT GUARD ( per port config ) on the CORE switch (6509 ) or on the ACCESS switch ? ( 3550 )
2. Its correct to implement Root Guard and BPDU GUARD in the same switch ? The first works per port the 2nd works globally
Thanks for your suggestion !
06-06-2008 10:53 AM
1-tradionnaly core sw is the root. so it will be more simple to implement the ROOT GUARD ( on cascade/trunk port) on the CORE switch .
2-BPDU GUARD could be implemented globaly or per port:
Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# spanning-tree bpduguard enable
if we implement BPDU guard i think we implement automatically root guard (in an implicit way).
it could be interresting to implement root guard on trunk/cascade ports and BPDU guard on access ports
06-08-2008 08:54 AM
1-I would configure rootguard on untrusted boundaries, i.e access switch.
2-I prefer to have more control on bpduguard, so again I would apply it on access layer. I trust my uplink to the core and I expect to send and receive BPDUs there..so I only need it for access on untrusted ports.
HTH
Sam
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: