cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
720
Views
0
Helpful
2
Replies

Spanning-tree bpduguard/spanning-tree rootguard

acbennyma
Level 1
Level 1

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

acbennyma wrote:

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

They are used for 2 different things -

bpduguard is used for end devices and as you say will disable a port if it receives a BPDU

rootguard is not intended for ports that have end devices on them. It is intended for switch interconnect ports ie. ports that are used to uplink to other switches.

So BPDUGuard would never be used on switch uplinks because you want BPDUs to be sent and received on these ports.

Jon

View solution in original post

2 Replies 2

Ganesh Hariharan
VIP Alumni
VIP Alumni

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

Hi,

The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state.

On the other hand for root gaurd ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

The Action differs when you configure the the baove on swith ports.

Hope that helps

If helpful do rate

Ganesh.H

Jon Marshall
Hall of Fame
Hall of Fame

acbennyma wrote:

Dear Expert,

I wouldl like to ask If spanning-tree bpduguard is enabled in a port, that means that port will not send or receive BPDU. Then how about if add one more command, "spanning-tee rootguard" on the same port, Is it meaningless ? Becuase that port already ignore the bpduguard.

They are used for 2 different things -

bpduguard is used for end devices and as you say will disable a port if it receives a BPDU

rootguard is not intended for ports that have end devices on them. It is intended for switch interconnect ports ie. ports that are used to uplink to other switches.

So BPDUGuard would never be used on switch uplinks because you want BPDUs to be sent and received on these ports.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: