Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Root Guard or Backbone-Fast?

What are the differences between root guard and backbone-fast? Does backbone-fast have any advantages over root guard?

6 REPLIES

Re: Root Guard or Backbone-Fast?

That's comparing oranges to apples;-)

Backbone fast is a feature that allows aging immediately the STP information on a port that lost connection to the root bridge, saving about 20 seconds of reconvergence time in an STP network (RSTP and MST don't need the feature).

Rootguard will block a port if it receives better BPDUs than the one it would advertise on this port. This is generally used to avoid interacting with someone's STP on an access port.

I guess you are mistaking one of the two features with another, but I cannot guess which one.

Regards,

Francois

New Member

Re: Root Guard or Backbone-Fast?

thanks for the info. i thought they both were used for protecting the root switch(in someways they do right?)...

thanks

Re: Root Guard or Backbone-Fast?

backbone fast does not protect anything. Bpduguard and rootguard protect your stp in different ways.

I admit that the Cisco terminology is hard to remember, there are so many features with similar combination of words: root|loop|bpduguard, bpdufilter, uplink/backbone/port fast. Sometimes I have to concentrate;-)

New Member

Re: Root Guard or Backbone-Fast?

Thank You...

New Member

Re: Root Guard or Backbone-Fast?

Re: Root Guard or Backbone-Fast?

Oh, so if the question is for the difference between root guard and bpduguard:

-root guard blocks a port if it receives better information.

-loopguard err-disable (which basically means: shut down) a port if it receives *any* bpdu.

So loopguard is way more violent than rootguard: it does not want to hear about any STP message, while root guard will accept STP messages, as long as they are not significant for the port.

The advantage of shutting down the port (using bpduguard) is that it will protect the CPU of the switch should this port receives a kind of Denial of Service attack using BPDUs. Rootguard, even if it blocks the port, will still have to send the BPDUs to the CPU. Generally speaking, you don't want to run STP with someone you don't trust.

Regards,

Francois

551
Views
5
Helpful
6
Replies
CreatePlease to create content