Re: spanning tree guard root command

carl_townshend · ‎08-06-2009

Hi all

when configuring root guard, should I only enable this on my access ports, not my root and uplink ports ?

i.va · ‎08-06-2009

Hi, I am sure this will help you:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

hth

Istvan_Rabai · ‎08-06-2009

Yes.

Rootguard protects against bpdus that are better than the current bpdus received from the root, because you want your root switch to be in a proper location in the network and within the spanning-tree.

On access-ports you do not expect to receive bpdus at all, so rootguard should be configured on them.

On root ports and uplink ports bpdus from the root switch are expected. Otherwise the spanning-tree would not work.

So if you enable rootguard on the root ports and uplink ports, the swithces will be isolated on those ports because those ports will be put into root inconsistent state and traffic will be disabled.

Cheers:

Istvan

comprev · ‎03-04-2020

Actually, I would not configure Root Guard on Access ports. I would configure BPDU Guard on Access ports. This will prevent a rouge switch that attaches to those port from becoming root because BPDU guard will shut down the port.

Root Guard should be on links to other switches to prevent a switch further down the stream from becoming root.

Cristian Matei · ‎03-05-2020

Hi,

Root guard on a port, means that if you receive a superior BPDU on that port (someone claiming the root role), the port goes into Root Inconsistent state, to defend the root switch placement in your network, which affects your data traffic flow in the end. Rot Guard should be configured on the primary and secondary root bridges, on the downstream ports facing the other switches.

Regards,

Cristian Matei.

spanning tree guard root command

Spanning Tree Protocolo (STP)

Multiple Spanning-Tree (MST) - Configuração e Troubleshoot.

Nexus シリーズ : spanning-treeについて

spanning-tree vlan 1 root primary

ROOT guard 技术