Is BPDUGUARD enough to avoid ROOTGUARD ?

I have read some articles stating that ROOTGUARD should be configured on the Core switches' interfaces facing Distributed Switches and also on the Distributed Switches' interfaces facing Access Switches, in order to prevent a bad guy from connecting to the Access Switches a new switch configured with a lower priority than the existing switches or configured with the root primary command.

I thought configuring BPDUGUARD on the Access Switches would be enough, because no other switch can be connected to the Access Switches, and when one is connected the port will go into shutdown (err-disabled).

Any clarification will be appreciated.

Thanks
Asked by: jskfan

Don Johnston (Instructor) commented:
Yes, you are correct.

But rootguard is not just to protect against a bad guy.  It's also to protect against a good guy who forgot to make sure the switch (that came from a recently closed branch office and got installed at HQ) didn't have a lower BID.

jskfan (Author) commented:
So, to be on the safe side:
ROOTGUARD should be configured on the Core switches' interfaces facing Distributed Switches and also configured on the Distributed Switches' interfaces facing Access Switches.

Don Johnston (Instructor) commented:
Yes.  

In that scenario, rootguard is to protect you from yourself. ;-)

jskfan (Author) commented:
Thanks Don,

In the Access Switch, BPDUGUARD should be enough, no need for Root Guard. Correct?

Don Johnston (Instructor) commented:
Yes.  That is correct.

jskfan (Author) commented:
Thank you
Question has a verified solution.
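
An added example, not part of the original thread: a small Python audit of the guard placement agreed on above, flagging downlinks that lack `spanning-tree guard root` and access ports that lack `spanning-tree bpduguard enable`. The sample configs, the function names and the `DOWNLINK`/`UPLINK` description convention are constructed assumptions.

```python
import re

# Constructed sample configs (not from the thread). The "DOWNLINK"/"UPLINK"
# description tags are an assumed site convention for marking port roles.
DIST_CFG = """\
interface GigabitEthernet1/0/1
 description DOWNLINK to access-sw1
 switchport mode trunk
 spanning-tree guard root
interface GigabitEthernet1/0/2
 description DOWNLINK to access-sw2
 switchport mode trunk
interface GigabitEthernet1/0/24
 description UPLINK to core1
 switchport mode trunk
"""
ACCESS_CFG = """\
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
"""

def interfaces(cfg):
    """Map each interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # back at global config level
    return blocks

def audit(cfg):
    """Return (interface, missing guard) pairs for one switch config."""
    findings = []
    for name, cmds in interfaces(cfg).items():
        downlink = any(c.startswith("description DOWNLINK") for c in cmds)
        if downlink and "spanning-tree guard root" not in cmds:
            findings.append((name, "root guard"))
        if "switchport mode access" in cmds and "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "bpdu guard"))
    return findings
```

The audit only reads per-interface commands, so a port covered by the global `spanning-tree portfast bpduguard default` setting would still be reported and needs a manual check.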
