Guard root or PortFast bpdu guard

Unanswered Question
Mar 16th, 2010

Hello,

I have two Cat6500s running CatOS as access switches to my server farms. I have enabled PortFast on a per-port basis where needed and enabled PortFast BPDU guard globally, so my question is: how about guard root? Do I need to enable this feature? Because each port connected to the servers with PortFast BPDU guard enabled cannot receive a BPDU and thus cannot receive new root information from this port?

Thanks for your answer.



Giuseppe Larosa Tue, 03/16/2010 - 10:15

Hello Belal,

I agree; in your case you should be fine if you have deployed STP BPDU guard on all access ports.


Hope to help

Giuseppe

kirancherian Tue, 03/16/2010 - 20:51

Hello Belal,

The Guard root is usually configured on a port connected to another switch which could have a probability of sending lower priority BPDUs which could cause your manually configured root switch to become a designated bridge.


Since your two switches are access switches connected to a server farm ONLY, a portfast command is all that is needed which will enable them to transition faster.


Instead of a BPDU guard, it would be advisable to put a bpdufilter in place as bpduguard will put that port into "errdisable" state when it detects a bpdu packet (if by accident you do put a switch on a port on these switches), whereas bpdufilter will drop the STP bpdu packets.


-/ Kiran

Ganesh Hariharan Tue, 03/16/2010 - 23:28


Hi,


BPDU guard and root guard are similar, but their impact is different. BPDU guard disables the port upon BPDU reception if PortFast is enabled on the port.

The disablement effectively denies devices behind such ports from participation in STP. You must manually reenable the port that is put into errdisable state or configure errdisable-timeout.


Root guard allows the device to participate in STP as long as the device does not try to become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery occurs as soon as the offending device ceases to send superior BPDUs.


Hope to help !!


Remember to rate the helpful post


Ganesh.H
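
A small Python model of the difference described in the answer above, added here as an illustration; it is not part of the thread and is not Cisco code. The bridge IDs, the BPDU timeline, the step-based errdisable timeout, and the one-step root guard recovery are constructed simplifications.

```python
from dataclasses import dataclass
from typing import Optional

ROOT = (4096, "00:00:00:aa:aa:aa")      # constructed ID of the intended root bridge
INFERIOR = (32768, "00:00:00:cc:cc:cc")  # constructed: worse (higher) bridge ID than ROOT
ROGUE = (0, "00:00:00:bb:bb:bb")         # constructed: better (lower) bridge ID than ROOT


@dataclass
class Port:
    mode: str                                  # "bpduguard" or "rootguard"
    errdisable_timeout: Optional[int] = None   # in steps; None = manual re-enable only
    state: str = "forwarding"
    _down_for: int = 0

    def step(self, bpdu):
        """Process one time step; bpdu is a (priority, mac) root ID or None."""
        if self.mode == "bpduguard":
            if self.state == "errdisable":
                # The port only comes back if an errdisable timeout is configured.
                self._down_for += 1
                if (self.errdisable_timeout is not None
                        and self._down_for >= self.errdisable_timeout):
                    self.state, self._down_for = "forwarding", 0
            # Any BPDU at all, superior or not, disables a PortFast port.
            if self.state == "forwarding" and bpdu is not None:
                self.state, self._down_for = "errdisable", 0
        else:
            # Root guard reacts only to superior BPDUs (lower bridge ID than the
            # current root) and recovers once they stop arriving.
            superior = bpdu is not None and bpdu < ROOT
            self.state = "root-inconsistent" if superior else "forwarding"
        return self.state


def run(port, timeline):
    """Return the port state after each step of the timeline."""
    return [port.step(bpdu) for bpdu in timeline]


# Constructed timeline: silence, an inferior BPDU, two superior BPDUs, silence.
TIMELINE = [None, INFERIOR, ROGUE, ROGUE, None, None]

if __name__ == "__main__":
    print("bpduguard, manual :", run(Port("bpduguard"), TIMELINE))
    print("bpduguard, timeout:", run(Port("bpduguard", errdisable_timeout=2), TIMELINE))
    print("rootguard         :", run(Port("rootguard"), TIMELINE))
```

With the timeout set, the BPDU guard port re-enables while BPDUs are still arriving and is disabled again immediately, which is why a timeout alone does not clear the underlying condition.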

belal.sadozai Wed, 03/17/2010 - 06:13

Thanks to all for all those explanations.

It's more clear now.


Regards
