IMPLEMENT ROOT GUARD

Answered Question
Jun 6th, 2008

Hello

I have a doubt of how proceed in the implementation of the ROOT GUARD in my LAN

1. Its better to implement the ROOT GUARD ( per port config ) on the CORE switch (6509 ) or on the ACCESS switch ? ( 3550 )

2. Its correct to implement Root Guard and BPDU GUARD in the same switch ? The first works per port the 2nd works globally

Thanks for your suggestion !

I have this problem too.
0 votes
Correct Answer by Edison Ortiz about 8 years 7 months ago

1) The root guard must be configured on the designated port. The designated port is located in the STP Root switch.

The root port is located in the leaf switch (access switch). Root guard must not be configured there.

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

2) Yes, bpduguard and root guard can be configured in the same switch. Bpduguard works in the port and also globally. In global mode, all ports are affected by this setting while per port, only the configured port is affected.

HTH,

__

Edison.

Please rate helpful posts

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Edison Ortiz Fri, 06/06/2008 - 08:23

1) The root guard must be configured on the designated port. The designated port is located in the STP Root switch.

The root port is located in the leaf switch (access switch). Root guard must not be configured there.

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

2) Yes, bpduguard and root guard can be configured in the same switch. Bpduguard works in the port and also globally. In global mode, all ports are affected by this setting while per port, only the configured port is affected.

HTH,

__

Edison.

Please rate helpful posts

Actions

This Discussion