RE: BPDU & Root Guard

root-guard doesn't prevent the switch from receiving BPDU's on an interface.
Only prevents the switch from accepting BPDU's with a lower bridge priority
than its current root switch.

A VLAN interface is a layer 3 interface. So is a port when you do the
command "no switchport". Do you need to worry about L2 features on a L3
interface?

Apply root guard to all L2 ports that are not a part of your designed switch
topology.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.

Mailto: <mailto:tscott_at_ipexpert.com> tscott_at_ipexpert.com

From: Tony claros [mailto:tonyclaros26_at_gmail.com]
Sent: Wednesday, July 28, 2010 9:23 AM
To: Tyson Scott
Cc: Ankur Thakkar; Cisco certification
Subject: Re: BPDU & Root Guard

Thanks for replying.
On applying root-guard on trunk ports of a switch will prevent a port from
receiving bpdu traffic
 if the need is to avoid transmitting BPDU on access switchport then do I
need to apply on all these ports.

( SW_J )

interface vlan 88
ip address 120.10.10.1 255.255.255.0

interface fa 0/1
switchport mode access
switcport access vlan 88

interface fa 0/2
no switchport
ip address 10.100.100.1 255.255.255.0

On Wed, Jul 28, 2010 at 4:04 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:

root guard should be applied to the edge of your controlled network. So not
only the root switch but all your downstream switches too. You wouldn't
want half of your network to disagree on who is root.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Ankur Thakkar
Sent: Wednesday, July 28, 2010 12:39 AM
To: Tony claros
Cc: Cisco certification
Subject: Re: BPDU & Root Guard

Hi Tony,

Root guard is ideally applied on all the ports of a root bridge so that it
will not allow any superior BPDU's to demote itself.

Rgrds
Ankur

On Sun, Jul 18, 2010 at 2:46 PM, Tony claros <tonyclaros26_at_gmail.com> wrote:

> Hi
>
> When to use BPDU Guard && Root Guard.
>
> Condition needs to be applied on SW 2 that it should not become root for
> any
> vlan
> solution : spanning-tree vlan 1-1005 priority 255 ( is this correct )
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

--
-------------------------
"Born with a Noble personality is an accident .
But dying with a Noble personality is an achievement "
Blogs and organic groups at http://www.ccie.net