spanning tree guard root command

carl_townshend
Spotlight

Hi all

When configuring root guard, should I only enable this on my access ports, not my root and uplink ports?


i.va
Level 3

Istvan_Rabai
Level 7

Yes.

Root guard protects against BPDUs that are better than the current BPDUs received from the root, because you want your root switch to be in a proper location in the network and within the spanning tree.

On access ports you do not expect to receive BPDUs at all, so root guard should be configured on them.

On root ports and uplink ports, BPDUs from the root switch are expected. Otherwise the spanning tree would not work.

So if you enable root guard on the root ports and uplink ports, the switches will be isolated on those ports because those ports will be put into the root-inconsistent state and traffic will be disabled.

Cheers:

Istvan

Actually, I would not configure Root Guard on access ports. I would configure BPDU Guard on access ports. This will prevent a rogue switch that attaches to those ports from becoming root, because BPDU Guard will shut down the port.

Root Guard should be on links to other switches to prevent a switch further down the stream from becoming root.

Cristian Matei
VIP Alumni

Hi,

 

Root guard on a port means that if you receive a superior BPDU on that port (someone claiming the root role), the port goes into the Root Inconsistent state, to defend the root switch placement in your network, which affects your data traffic flow in the end. Root Guard should be configured on the primary and secondary root bridges, on the downstream ports facing the other switches.

 

Regards,

Cristian Matei.
