03-16-2010 09:42 AM - edited 03-06-2019 10:09 AM
Hello,
I have two Cat6500 running CatOS as access switches to my server farms. I have enabled portfast on a per-port basis where needed and enabled portfast bpdu guard globally, so my question is: how about guard root? Do I need to enable this feature? Because each port connected to the servers with portfast bpdu guard enabled cannot receive BPDUs and thus cannot receive new root information from this port?
Thanks for your answer.
03-16-2010 10:13 AM
Hello Belal,
You usually enable loop guard on your uplink ports connecting to other switches and not on your access ports.
Please reference this document for more info with examples:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml#loop_guard
HTH
Reza
03-16-2010 10:15 AM
Hello Belal,
I agree, in your case you should be fine if you have deployed STP BPDU guard on all access ports.
Hope to help
Giuseppe
03-16-2010 08:51 PM
Hello Belal,
The Guard root is usually configured on a port connected to another switch which could have a probability of sending lower priority BPDUs which could cause your manually configured root switch to become a designated bridge.
Since your two switches are access switches connected to a server farm ONLY, a portfast command is all that is needed which will enable them to transition faster.
Instead of a BPDU guard, it would be advisable to put a bpdufilter in place as bpduguard will put that port into "errdisable" state when it detects a bpdu packet (if by accident you do put a switch on a port on these switches), whereas bpdufilter will drop the STP bpdu packets.
-/ Kiran
03-16-2010 11:28 PM
Hi,
BPDU guard and root guard are similar, but their impact is different. BPDU guard disables the port upon BPDU reception if PortFast is enabled on the port.
The disablement effectively denies devices behind such ports from participation in STP. You must manually reenable the port that is put into errdisable state or configure errdisable-timeout.
Root guard allows the device to participate in STP as long as the device does not try to become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery occurs as soon as the offending device ceases to send superior BPDUs.
Hope to help !!
Remember to rate the helpful post
Ganesh.H
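The difference described in the reply above, as a small Python model added here (not part of the thread and not Cisco code). The bridge IDs, class and method names are constructed for illustration, and recovery is simplified to a single "superior BPDUs stopped" event.

```python
from dataclasses import dataclass

# Constructed bridge IDs (priority, MAC); the lower tuple is the superior bridge.
CURRENT_ROOT = (8192, "00:00:0c:00:00:01")
SUPERIOR = (4096, "00:00:0c:00:00:99")    # would win a root election
INFERIOR = (32768, "00:00:0c:00:00:98")   # would not

@dataclass
class Port:
    portfast: bool = False
    bpdu_guard: bool = False
    root_guard: bool = False
    state: str = "forwarding"

    def receive_bpdu(self, sender_id):
        if self.state == "errdisable":
            return self.state                  # port is down, nothing is processed
        if self.portfast and self.bpdu_guard:
            self.state = "errdisable"          # any BPDU at all trips BPDU guard
        elif self.root_guard and sender_id < CURRENT_ROOT:
            self.state = "root-inconsistent"   # only a superior BPDU blocks the port
        return self.state

    def superior_bpdus_stopped(self):
        # Root guard recovers by itself; errdisable does not.
        if self.state == "root-inconsistent":
            self.state = "forwarding"
        return self.state

    def manual_reenable(self):
        # Stands in for an operator re-enabling the port or errdisable-timeout.
        if self.state == "errdisable":
            self.state = "forwarding"
        return self.state

def compare_guards():
    access = Port(portfast=True, bpdu_guard=True)   # server-facing port
    uplink = Port(root_guard=True)                  # port facing another switch
    return {
        "access_inferior": access.receive_bpdu(INFERIOR),
        "access_after_silence": access.superior_bpdus_stopped(),
        "access_after_reenable": access.manual_reenable(),
        "uplink_inferior": uplink.receive_bpdu(INFERIOR),
        "uplink_superior": uplink.receive_bpdu(SUPERIOR),
        "uplink_after_silence": uplink.superior_bpdus_stopped(),
    }

if __name__ == "__main__":
    for step, state in compare_guards().items():
        print(f"{step:22} {state}")
```

A port with both PortFast BPDU guard and root guard goes to errdisable on the first BPDU, so in this model root guard never gets to act on it.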
03-17-2010 06:13 AM
Thanks to all for all those explanations.
It's clearer now.
Regards