Istvan_Rabai Thu, 08/06/2009 - 02:07
User Badges:
  • Gold, 750 points or more


Rootguard protects against bpdus that are better than the current bpdus received from the root, because you want your root switch to be in a proper location in the network and within the spanning-tree.

On access-ports you do not expect to receive bpdus at all, so rootguard should be configured on them.

On root ports and uplink ports bpdus from the root switch are expected. Otherwise the spanning-tree would not work.

So if you enable rootguard on the root ports and uplink ports, the swithces will be isolated on those ports because those ports will be put into root inconsistent state and traffic will be disabled.




This Discussion