Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Implenting Root Guard on a SPT campus

Hello

I have a doubt of how proceed in the implementation of the ROOT GUARD in my LAN

1. Its better to implement the ROOT GUARD ( per port config ) on the CORE switch (6509 ) or on the ACCESS switch ? ( 3550 )

2. Its correct to implement Root Guard and BPDU GUARD in the same switch ? The first works per port the 2nd works globally

Thanks for your suggestion !

2 REPLIES
Silver

Re: Implenting Root Guard on a SPT campus

1-tradionnaly core sw is the root. so it will be more simple to implement the ROOT GUARD ( on cascade/trunk port) on the CORE switch .

2-BPDU GUARD could be implemented globaly or per port:

Switch(config)# spanning-tree portfast bpduguard default

Switch(config-if)# spanning-tree bpduguard enable

if we implement BPDU guard i think we implement automatically root guard (in an implicit way).

it could be interresting to implement root guard on trunk/cascade ports and BPDU guard on access ports

Re: Implenting Root Guard on a SPT campus

1-I would configure rootguard on untrusted boundaries, i.e access switch.

2-I prefer to have more control on bpduguard, so again I would apply it on access layer. I trust my uplink to the core and I expect to send and receive BPDUs there..so I only need it for access on untrusted ports.

HTH

Sam

232
Views
0
Helpful
2
Replies