spanning tree guard root command

Unanswered Question
Aug 6th, 2009

Hi all

when configuring root guard, should I only enable this on my access ports, not my root and uplink ports ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Istvan_Rabai Thu, 08/06/2009 - 02:07


Rootguard protects against bpdus that are better than the current bpdus received from the root, because you want your root switch to be in a proper location in the network and within the spanning-tree.

On access-ports you do not expect to receive bpdus at all, so rootguard should be configured on them.

On root ports and uplink ports bpdus from the root switch are expected. Otherwise the spanning-tree would not work.

So if you enable rootguard on the root ports and uplink ports, the swithces will be isolated on those ports because those ports will be put into root inconsistent state and traffic will be disabled.




This Discussion