In this blog I will try to explain about Root Guard, BPDU Guard and BPDU filtering. All of these features to protect BPDU information from another switch.
Root guard can be applied on certain ports and protects downstream switches from becoming root switches. If a port on the switch is configured witch root guard, when it receives a superior BPDU, it will discard the BPDU and will put that port into "root-inconsistent" state and goes back normal when the port does not receive superior BPDU information.
The command for configuring root guard is on the interface configuration with the command "spanning-tree guard root".
There could be a possibility that one accidently applies portfast on a port and puts another switching device on the other side. This can lead to a switching loop and can be prevented by applying BDPU guard. When a BPDU comes into a port with BPDU guard applied to it, the port will be shut down and will show the "err-disabled" information.
The command for configuring BPDU guard is on the interface configuration with the command "spanning-tree bpduguard enable" or if you want to enable it on all ports you can do it on the switch configuration mode and enter the command "spanning-tree portfast bpduguard default".
The last one is BPDU filtering. This feature is used when we don't want the port to be disabled when it receives a BPDU. It can be configured globally and by interface but have different characteristics when applied:
1. If the BDPU filtering is applied globally, the portfast enabled port will stop running portfast when it receives a BPDU packet.
2. If the BDPU filtering is applied on an interface only, the incoming BPDU on the port with BPDU filtering will be dropped silently and no BPDU packets will be returned.
The command for configuring BPDU guard is on the interface configuration with the command "spanning-tree bpdufilter enable" or if you want to enable it on all ports you can do it on the switch configuration mode and enter the command "spanning-tree portfast bpdufilter default".
Hope this short explanation about Root Guard, BPDU Guard and BPDU Filtering can help you understand about these features and how and when to apply them.
No comments:
Post a Comment