06-06-2008 02:36 AM - edited 03-05-2019 11:27 PM
Hello
I have a doubt of how proceed in the implementation of the ROOT GUARD in my LAN
1. Its better to implement the ROOT GUARD ( per port config ) on the CORE switch (6509 ) or on the ACCESS switch ? ( 3550 )
2. Its correct to implement Root Guard and BPDU GUARD in the same switch ? The first works per port the 2nd works globally
Thanks for your suggestion !
06-06-2008 10:53 AM
1-tradionnaly core sw is the root. so it will be more simple to implement the ROOT GUARD ( on cascade/trunk port) on the CORE switch .
2-BPDU GUARD could be implemented globaly or per port:
Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# spanning-tree bpduguard enable
if we implement BPDU guard i think we implement automatically root guard (in an implicit way).
it could be interresting to implement root guard on trunk/cascade ports and BPDU guard on access ports
06-08-2008 08:54 AM
1-I would configure rootguard on untrusted boundaries, i.e access switch.
2-I prefer to have more control on bpduguard, so again I would apply it on access layer. I trust my uplink to the core and I expect to send and receive BPDUs there..so I only need it for access on untrusted ports.
HTH
Sam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide