Re: BPDU & Root Guard

Hi Tony

Applying Root Guard does not prevent BPDU traffic. It only prevents
superior BPDUs that are coming from a switch that is claiming to
be the root bridge.
therefore if you apply Root guard all BPDUs will happily be
transmitted on the interface however as soon as a superior BPDU is
received
from an attached switch claiming to be the root, the interface that
root guard is applied to will go into a loop-inconsistent state until
these superior
BPDUs stop (ie until the attached switch stops trying to be the root bridge)

If you want to stop the transmission of BPDUs totally, the you can use
BPDU Guard which will errdisable the interface when a BPDU is
received.
Or you can use BPDU Filter which which if applied at the interface
level will constantly filter BPDUs but will not shut down the port.

The last option would be portfast but this will effectively disable
spanning-tree on the interface it is applied to.

Hope that makes sense.

On 28 July 2010 14:23, Tony claros <tonyclaros26_at_gmail.com> wrote:
> Thanks for replying.
> On applying root-guard on trunk ports of a switch will prevent a port from
> receiving bpdu traffic
> if the need is to avoid transmitting BPDU on access switchport then do I
> need to apply on all these ports.
>
> ( SW_J )
>
> interface vlan 88
> ip address 120.10.10.1 255.255.255.0
>
> interface fa 0/1
> switchport mode access
> switcport access vlan 88
>
> interface fa 0/2
> no switchport
> ip address 10.100.100.1 255.255.255.0
>
>
>
>
> On Wed, Jul 28, 2010 at 4:04 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:
>
>> root guard should be applied to the edge of your controlled network. So
>> not
>> only the root switch but all your downstream switches too. You wouldn't
>> want half of your network to disagree on who is root.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>> Managing Partner / Sr. Instructor - IPexpert, Inc.
>> Mailto: tscott_at_ipexpert.com
>>
>>
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Ankur Thakkar
>> Sent: Wednesday, July 28, 2010 12:39 AM
>> To: Tony claros
>> Cc: Cisco certification
>> Subject: Re: BPDU & Root Guard
>>
>> Hi Tony,
>>
>> Root guard is ideally applied on all the ports of a root bridge so that it
>> will not allow any superior BPDU's to demote itself.
>>
>>
>> Rgrds
>> Ankur
>>
>> On Sun, Jul 18, 2010 at 2:46 PM, Tony claros <tonyclaros26_at_gmail.com>
>> wrote:
>>
>> > Hi
>> >
>> > When to use BPDU Guard && Root Guard.
>> >
>> > Condition needs to be applied on SW 2 that it should not become root for
>> > any
>> > vlan
>> > solution : spanning-tree vlan 1-1005 priority 255 ( is this correct )
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>> --
>> -------------------------
>> "Born with a Noble personality is an accident .
>> But dying with a Noble personality is an achievement "
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 28 2010 - 14:35:54 ART