Please let me know where do we configure Root Guard & designated part means on which switch.
Also please let me know where do we configure Ip Helper Address on a switch/Router?
Solved! Go to Solution.
I think the following links will help you for root guard placement.
In the routers ip helper address is configured in the interface config mode, where as in switches its configured on layer 3 vlan and if any layer 3 physical interfaces.
ip address 10.0.0.2 255.255.255.0
ip helper-address 10.0.0.100
I hope it helps you.
For Root Guard, pls visit:
ip helper-address : IP helper-address is an interface configuration command and which is disable by default. To enable the forwarding of User Datagram Protocol (UDP) broadcasts, including BOOTP received on an interface.
As per Cisco: Forwards UDP broadcasts, including BOOTP, received on an interface.
Thanks & Regards
Pls rate if it helps
Root Guard is a feature to prevent another switch newly attached to the network from becoming a root bridge, and protect the network to reconverge.
You have to configure root guard on those ports where root bridge BPDUs are not expected at all, like user access ports.
Don't configure root guard on ports where BPDUs from the root are expected, otherwise you will block that port.
The "ip helper-address" command should be configured on the router interface which is directly connected to the LAN segment where DHCP hosts reside.
In other words it is the incoming interface for the DHCP discover and request packets (not the outgoing).
If you have more routers between the given LAN segment and the DHCP server, you do not need to configure "ip helper-address" on each router along the way:
The first router with its directly connected interface will convert DHCP broadcasts to unicasts and forward them to the DHCP server.
Of course, you need to have the approriate routes in the routers that will direct the packets between the DHCP hosts and the DHCP server.
Appreciate for the valuable information!
I)But I have a query on Ip-Helper Address as you said we can configre "Ip-Helper on a Router interface which is directly connected to the LAN segment where DHCP hosts reside" along with this i believe you can keep the DHCP server in the other network segment as well to perform the same function if proper routing is enabled .
Also can we configure Ip-Helper address on L3 switch inteface ?
II) what is the diffrence in Root Guard and Loop Guard ?
I) No you can not at L3 Switches.
II) As per Cisco : BPDU guard and root guard are similar, but their impact is different. BPDU guard disables the port upon BPDU reception if PortFast is enabled on the port. The disablement effectively denies devices behind such ports from participation in STP. You must manually reenable the port that is put into errdisable state or configure errdisable-timeout.
Root guard allows the device to participate in STP as long as the device does not try to become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery occurs as soon as the offending device ceases to send superior BPDUs.
Pls rate if it helps.
If i am not wrong we can configure Ip-Helper address on switch layer 3 interface.
Interface vlan 10
ip address 10.200.2.10 255.255.255.0
ip helper address x.x.x.x
Please answer me.
The question is "Also can we configure Ip-Helper address on L3 switch interface?" if I go for the physical interface then as per my knowledge it is not possible. If I go as per u then its possible. Pls find the below:
SW_L3(config)#int gi 0/4
Interface IP configuration subcommands:
access-group Specify access control for packets
arp Configure ARP features
igmp IGMP interface commands
SW_L3(config-if)#ip helper-address ?
A.B.C.D IP destination address
I believe we can configure ip-helper on L3 switch port with out no switch port command.( I have performed on a 6509 L3 switch)
interface gi 0/1
ip address x.x.x.x x.x.x.x
ip-helper address x.x.x.x
I think we cant perform a ip helper address with no switch port comand on l3 port.
Bydefault on Cisco 6500 switch running IOS all the ports are Layer-3 ports, so you dont need to put " no switchport " command. That's why you are also able to put an IP address on it because it is a layer 3 port. On other switches like 4500/3750/3560's your ports are L2 bydefault and you need to put " no switchport " command to make it L3 port and work the things out.
HTH, Please rate if it does.
Thanks for the inputs!
So that means Ip-Helper Address command on a Router and L2 switch as well with no switch port coomand .
Also i believe we can perform ip-helper on a l3 switch port.