Re: BPDU & Root Guard

That was part of my understanding. Thanks for the clarification Cristian.

Sanda Babatunde B.Sc (Accounting) CCNP, CCVP, CCNA(R,S,V), MCSA, N+, A+.
Sent from my iPhone

On Jul 28, 2010, at 7:28 AM, "Cristian Matei" <cristian.matei_at_datanets.ro> wrote:

> HI all,
>
> It depends on the logical topology of the layer 2 domain; if you
> follow cisco's recommendation like redundant distribution layer with
> dual-connected access switches on both distribution sw, you will enable root
> guard at distribution level only on DSG/downstream ports towards access
> switches; as root guard keeps DSG ports from becoming non-DSG. On access
> switches there is no mean to use root guard on downstream ports towards
> terminals but use bpdu guard.
>
> Regards,
> Cristian.
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Babatunde Sanda
> Sent: Wednesday, July 28, 2010 5:07 PM
> To: Tyson Scott
> Cc: Ankur Thakkar; Tony claros; Cisco certification
> Subject: Re: BPDU & Root Guard
>
> Tyson,
> My understanding is that the root bridge should be planned to be at the
> center of the network.
>
> When this is planned out and all switches know of each other and who is the
> root for each vlan through the initial discovery from sending BPDU traffic
> into the network.
>
> Identifying your central point and protecting it need be done only at this
> central point with "guard root". You need not go configure "root guard" on
> other switches except the are acting as roots for other vlans. Hence the
> initial command "spanning-tree vlan (vlan or range) root primary/secondary
> ".
>
> Is there something I missed in your thought process please explain.
>
> Thank you
>
>
>
> Sanda Babatunde B.Sc (Accounting) CCNP, CCVP, CCNA(R,S,V), MCSA, N+, A+.
> Sent from my iPhone
>
> On Jul 28, 2010, at 6:04 AM, "Tyson Scott" <tscott_at_ipexpert.com> wrote:
>
>> root guard should be applied to the edge of your controlled network. So
> not
>> only the root switch but all your downstream switches too. You wouldn't
>> want half of your network to disagree on who is root.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>> Managing Partner / Sr. Instructor - IPexpert, Inc.
>> Mailto: tscott_at_ipexpert.com
>>
>>
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Ankur Thakkar
>> Sent: Wednesday, July 28, 2010 12:39 AM
>> To: Tony claros
>> Cc: Cisco certification
>> Subject: Re: BPDU & Root Guard
>>
>> Hi Tony,
>>
>> Root guard is ideally applied on all the ports of a root bridge so that it
>> will not allow any superior BPDU's to demote itself.
>>
>>
>> Rgrds
>> Ankur
>>
>> On Sun, Jul 18, 2010 at 2:46 PM, Tony claros <tonyclaros26_at_gmail.com>
> wrote:
>>
>>> Hi
>>>
>>> When to use BPDU Guard && Root Guard.
>>>
>>> Condition needs to be applied on SW 2 that it should not become root for
>>> any
>>> vlan
>>> solution : spanning-tree vlan 1-1005 priority 255 ( is this correct )
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> -------------------------
>> "Born with a Noble personality is an accident .
>> But dying with a Noble personality is an achievement "
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 28 2010 - 08:12:46 ART