Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Guard root or PortFast bpdu guard

Hello,

I have two Cat6500 running CatOS as access switches to my servers farms, I have enabled portfast per port basis where needed and enabled portfast bpdu guard globally, so my question is how about guard root? Do I need to enable this features? because as each ports connected to the servers with portfast bpdu guard enabled cannot receive bpdu and thus cannot receive a new root information from this port?

Thanks for your answer.

5 REPLIES
VIP Super Bronze

Re: Guard root or PortFast bpdu guard

Hello Belal,

You usually enable loop guard on you uplink ports connecting to other switches and not on you access ports.

Please reference this documet for more info with examples:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml#loop_guard

HTH

Reza

Hall of Fame Super Silver

Re: Guard root or PortFast bpdu guard

Hello Belai,

I agree in your case you should be fine if you have deployed STP bdpu guard on all access ports.

Hope to help

Giuseppe

New Member

Re: Guard root or PortFast bpdu guard

Hello Belal,

                   The Guard root is usually configured on a port connected to another switch which could have a probability of sending lower priority BPDUs which could cause your manually configured root switch to become a designated bridge.

Since your two switches are access switches connected to a server farm ONLY, a portfast command is all that is needed which will enable them to transition faster.

Instead of a BPDU guard, it would be advisable to put a bpdufilter in place as bpduguard will put that port into "errdisable" state when it detects a bpdu packet (if by accident you do put a switch on a port on these switches), whereas bpdufilter will drop the STP bpdu packets.

-/ Kiran

Re: Guard root or PortFast bpdu guard

Hello,

I have two Cat6500 running CatOS as access switches to my servers farms, I have enabled portfast per port basis where needed and enabled portfast bpdu guard globally, so my question is how about guard root? Do I need to enable this features? because as each ports connected to the servers with portfast bpdu guard enabled cannot receive bpdu and thus cannot receive a new root information from this port?

Thanks for your answer.

Hi,

BPDU guard and root guard are similar, but their impact is different. BPDU guard disables the port upon BPDU reception if PortFast is enabled on the port.

The disablement effectively denies devices behind such ports from participation in STP. You must manually reenable the port that is put into errdisable state or configure errdisable-timeout.

Root guard allows the device to participate in STP as long as the device does not try to become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery occurs as soon as the offending device ceases to send superior BPDUs.

Hope to help !!

Remember to rate the helpful post

Ganesh.H

New Member

Re: Guard root or PortFast bpdu guard

Thanks to all for all those explaination.

Its more clare now.

Regards

658
Views
0
Helpful
5
Replies