What is BPDU root guard?

Root guard protects the root bridge from being changed by another switch without administrator permission. BPDU guard blocks ports assigned to user access from being connected to unauthorized switches.

What is the difference between loop guard and root guard?

Root guard forces a port to be always designated as the root port. Loop guard is effective only if the port is a root port or an alternate port. You cannot enable loop guard and root guard on a port at the same time.

What is Loop Guard and Root Guard?

The loop guard feature checks whether a root port or an alternate root port is receiving BPDUs. If the port stops receiving BPDUs, loop guard puts the port into an inconsistent state until it starts receiving BPDUs again.

What is BPDU guard used for?

The BPDU Guard feature is used to protect the Layer 2 Spanning Tree Protocol (STP) topology from BPDU-related attacks. BPDU Guard must be enabled on a port that should never receive a BPDU from its connected device.

What is root guard used for?

Root guard is an STP feature that is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root guard prevents a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology.

What is root port?

The Root Port is the port on the Bridge (Switch) with the least Spanning Tree Path Cost from the switch to the Root Bridge. A Designated Port is the port on a Local Area Network (LAN) segment with the least Spanning Tree Path Cost to the Root Bridge (Root Switch).

Where should Rootguard be enabled?

Root guard is enabled with the interface command spanning-tree guard root. Root guard is placed on designated ports toward other switches that should never become root bridges.

What is spanning tree BPDUfilter enable?

The spanning-tree BPDUfilter works similarly to BPDUGuard in that it allows you to block malicious BPDUs. When a BPDU is received on a portfast-enabled interface, the interface loses its portfast status, disables BPDU filtering and acts as a normal interface.

Where do you put root guard?

“You must enable root guard on all ports where the root bridge should not appear.” Again going from the image on the original post this is correct. The root bridge should not appear on those highlighted ports. All switches run pure STP with Per VLAN Spanning-Tree.

What’s the difference between root guard and BPDU guard?

Root guard will stop a superior BPDU from becoming the root. BPDU guard will stop another switch from connecting entirely by shutting the port down. Why not just configure BPDU guard on all access layer ports and be done with it?

What does the BPDU guard and BPDU filter do?

The BPDU Guard feature prevents the port from receiving any BPDUs but does not prevent it from sending them. If any BPDUs are received, the port will be errdisabled. The BPDU Filter feature effectively disables STP on the selected ports by preventing them from sending or receiving any BPDUs.

What’s the difference between BPDU guard and a PortFast port?

Exchanged every 2 seconds by default, BPDUs allow switches to keep track of network changes and to decide when to block or forward ports to ensure a loop-free topology. BPDU Guard is designed to protect your switching network. Remember that a PortFast port is designed to be connected to a device where BPDUs aren’t expected.

Which bridge generates a superior BPDU?

A superior BPDU is a BPDU which has a lower Bridge ID. In a normal network, superior BPDUs are generated by the Root Bridge. If any other switch generates a superior BPDU, Spanning Tree Protocol (STP) recalculations will happen and the switch which generated the superior BPDU will become the new Root Bridge.