Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Spanning-tree bpduguard/spanning-tree rootguard

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Spanning-tree bpduguard/spanning-tree rootguard

acbennyma wrote:

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

They are used for 2 different things -

bpduguard is used for end devices and as you say will disable a port if it receives a BPDU

rootguard is not intended for ports that have end devices on them. It is intended for switch interconnect ports ie. ports that are used to uplink to other switches.

So BPDUGuard would never be used on switch uplinks because you want BPDUs to be sent and received on these ports.

Jon

2 REPLIES

Re: Spanning-tree bpduguard/spanning-tree rootguard

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

Hi,

The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state.

On the other hand for root gaurd ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

The Action differs when you configure the the baove on swith ports.

Hope that helps

If helpful do rate

Ganesh.H

Hall of Fame Super Blue

Re: Spanning-tree bpduguard/spanning-tree rootguard

acbennyma wrote:

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

They are used for 2 different things -

bpduguard is used for end devices and as you say will disable a port if it receives a BPDU

rootguard is not intended for ports that have end devices on them. It is intended for switch interconnect ports ie. ports that are used to uplink to other switches.

So BPDUGuard would never be used on switch uplinks because you want BPDUs to be sent and received on these ports.

Jon

375
Views
0
Helpful
2
Replies