Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

spanning tree guard root command

Hi all

when configuring root guard, should I only enable this on my access ports, not my root and uplink ports ?

2 REPLIES
New Member

Re: spanning tree guard root command

Re: spanning tree guard root command

Yes.

Rootguard protects against bpdus that are better than the current bpdus received from the root, because you want your root switch to be in a proper location in the network and within the spanning-tree.

On access-ports you do not expect to receive bpdus at all, so rootguard should be configured on them.

On root ports and uplink ports bpdus from the root switch are expected. Otherwise the spanning-tree would not work.

So if you enable rootguard on the root ports and uplink ports, the swithces will be isolated on those ports because those ports will be put into root inconsistent state and traffic will be disabled.

Cheers:

Istvan

12239
Views
4
Helpful
2
Replies