Lessons learned:
Root Guard –
If superior BPDU is received shut down port.
Normally you enable root guard on the downstream facing
interfaces form the sore or distribution layer.
Root Guard basically says check the BPDU’s as they come in
(towards the Core / Distro Layers)
Allow Spanning-tree updates to come in but I the case of a
Superior BPDU – better cost to the root bridge – Then disable the instance of spanning
tree.
Root guard will only care about Superior BPDU’s, unlike
BPDUGuard which will disable interfaces that receive BPDU’s.
Configure RootGuard:
From the root switch – on the downstream facing interfaces.
# spanning-tree guard
root
configuration for this is at the port level.
No comments:
Post a Comment