Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
2
Replies

Implenting Root Guard on a SPT campus

abelleli71
Level 1
Level 1

‎06-06-2008 02:36 AM - edited ‎03-05-2019 11:27 PM

Hello

I have a doubt of how proceed in the implementation of the ROOT GUARD in my LAN

1. Its better to implement the ROOT GUARD ( per port config ) on the CORE switch (6509 ) or on the ACCESS switch ? ( 3550 )

2. Its correct to implement Root Guard and BPDU GUARD in the same switch ? The first works per port the 2nd works globally

Thanks for your suggestion !

Labels:
0 Helpful
2 Replies 2

ohassairi
Level 5
Level 5

‎06-06-2008 10:53 AM

1-tradionnaly core sw is the root. so it will be more simple to implement the ROOT GUARD ( on cascade/trunk port) on the CORE switch .

2-BPDU GUARD could be implemented globaly or per port:

Switch(config)# spanning-tree portfast bpduguard default

Switch(config-if)# spanning-tree bpduguard enable

if we implement BPDU guard i think we implement automatically root guard (in an implicit way).

it could be interresting to implement root guard on trunk/cascade ports and BPDU guard on access ports

0 Helpful

cisco_lad2004
Level 5
Level 5

‎06-08-2008 08:54 AM

1-I would configure rootguard on untrusted boundaries, i.e access switch.

2-I prefer to have more control on bpduguard, so again I would apply it on access layer. I trust my uplink to the core and I expect to send and receive BPDUs there..so I only need it for access on untrusted ports.

HTH

Sam

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card