Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
4
Replies

spanning tree guard root

subhojithalder198
Level 1
Level 1

‎12-04-2013 09:24 PM - edited ‎03-07-2019 04:56 PM

                  Hi,

We have 45xx switch & we enabled spanning tree root guard on ports connected with access switch via fiber uplink

& we enable spanning tree loop guard on access switch side

One of my core switch port connected to Juniper Netscreen Firewall

Whether I need to enable spanning tree guard root on the same port on core switch side ? or not

In case of yes, any config changes required on JUniper Netscreen box

Br/Subhojit

Labels:
0 Helpful
4 Replies 4

daniel.dib
Level 7
Level 7

‎12-04-2013 11:34 PM

It depends if the Netscreen is running STP but probably it's not? If it's not sending BPDUs then there is no need to apply root guard there. You can check with show spanning-tree interface detail on the interface leading to the Netscreen. Check for incoming BPDUs.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
0 Helpful

subhojithalder198
Level 1
Level 1
In response to daniel.dib

‎12-04-2013 11:39 PM

Hi, Pls find the output

Port 130 (GigabitEthernet3/2) of VLAN0054 is designated forwarding

   Port path cost 4, Port priority 128, Port Identifier 128.130.

   Designated root has priority 8246, address 001b.d474.8a40

   Designated bridge has priority 16438, address 001b.0cee.0440

   Designated port id is 128.130, designated path cost 3

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 1

   Link type is point-to-point by default

  Bpdu filter is enabled

   Root guard is enabled on the port

   BPDU: sent 5847158, received 0

Present the bold config enabled on the port

Br/Subhojit

0 Helpful

venkateshwarlut
Level 1
Level 1
In response to subhojithalder198

‎12-04-2013 11:54 PM

Hi Subhoj,

                As per your output, no BPDUs are receving, not required to configure spanning tree root guard. As a best practice you can enable.

Thanks

Venkat

0 Helpful

daniel.dib
Level 7
Level 7
In response to subhojithalder198

‎12-06-2013 02:14 AM

Like Venkat said it's not really necessary but you can enable it if you want to.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card