jskfan
asked on
Loop Guard and Root Guard on Cisco Switches
I have done some reading about Loop Guard and Root Guard.
Loop Guard is configured on Non-Designated Ports, which means Blocked ports and Root Ports.
Root Guard is configured on Designated Ports.
Well, I believe this is needed just in a redundant L2 links network. In this case, do we have to go to each Non-Designated Port in the network and configure Loop Guard, and to each Designated Port and configure Root Guard?
I am assuming that in a network that has no Layer 2 redundant links this is not needed at all, except on the access ports, where we need to configure PortFast and BPDU Guard.
Any expert to shed some light on this topic?
Thanks
"In this case, do we have to go to each Non-Designated Port in the network and configure Loop Guard, and to each Designated Port and configure Root Guard?"
For those features, yes.
"I am assuming that in a network that has no Layer 2 redundant links this is not needed at all, except on the access ports, where we need to configure PortFast and BPDU Guard."
Actually, things like Root Guard, Port Fast, BPDU Guard, etc., are not required. They are enhancements. They improve the behavior of STP.
As for Root Guard, its purpose is to enforce the designed topology. Basically, it allows the network administrator to prevent rogue or misconfigured switches from becoming the root and changing the network topology.
For example, you have made one of your switches the root because that creates the best topology for your network. If someone connects a new switch to one of your access switches and this new switch has a lower bridge ID, then it will become the root. There will then be a brief outage as the network converges to the new topology built around the new root. With Root Guard configured, when that new switch sent out its BPDU with the lower Bridge ID, it would be ignored.
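Added example, not part of the thread: a small Python audit that applies the placement discussed above (Loop Guard on root and blocked ports, Root Guard on designated ports, PortFast plus BPDU Guard on access ports) to a switch's port roles and reports what is missing. The `show spanning-tree` rows and interface stanzas are constructed sample data with abbreviated interface names, and the function names are hypothetical.

```python
import re

# Constructed sample data (interface names and values are illustrative only).
SHOW_STP = """\
Interface           Role Sts Cost      Prio.Nbr Type
Gi0/1               Root FWD 4         128.1    P2p
Gi0/2               Altn BLK 4         128.2    P2p
Gi0/3               Desg FWD 4         128.3    P2p
Fa0/5               Desg FWD 19        128.5    P2p Edge
"""
RUNNING_CONFIG = """\
interface Gi0/1
 spanning-tree guard loop
interface Gi0/2
interface Gi0/3
 spanning-tree guard loop
interface Fa0/5
 spanning-tree portfast
"""
ROW = re.compile(r"(\S+)\s+(Root|Altn|Back|Desg)\s+\S+\s+\d+\s+\S+\s+(.*)")

def parse_config(text):
    """Return {interface: set of spanning-tree lines configured under it}."""
    cfg, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            cfg[current] = set()
        elif current and line.strip().startswith("spanning-tree"):
            cfg[current].add(line.strip())
    return cfg

def expected(role, port_type):
    """Placement described in the thread, keyed on the STP port role."""
    if "Edge" in port_type:                 # access port facing a host
        return {"spanning-tree portfast", "spanning-tree bpduguard enable"}
    if role == "Desg":                      # designated port
        return {"spanning-tree guard root"}
    return {"spanning-tree guard loop"}     # root / blocked (non-designated)

def audit(show_stp, running_config):
    """Return {interface: sorted list of expected-but-missing commands}."""
    cfg, gaps = parse_config(running_config), {}
    for m in filter(None, map(ROW.match, show_stp.splitlines())):
        intf, role, port_type = m.groups()
        missing = expected(role, port_type) - cfg.get(intf, set())
        if missing:
            gaps[intf] = sorted(missing)
    return gaps
```

On a real switch the running-config uses full interface names, and some IOS releases spell the edge-port command `spanning-tree portfast edge`, so normalize both before comparing.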
ASKER
In the real world, do they have to use those enhancements, or do they go for a design that does not need those enhancements, for instance the one shown on this diagram:
https://www.experts-exchange.com/questions/28965543/L2-L3-Switch-configuration.html
The only place where I see, on the diagram shown at the above link, that PortFast and BPDU Guard must be configured is on the access switch ports connecting to computers.
No, the enhancements are not required. They just improve the performance of spanning-tree.
But I ALWAYS use them whenever possible.
ASKER
So the design as shown on this link is the only solution to prevent STP loops and TCN?
ASKER
Thank you Guys!
These only function if you have multiple uplinks to opposing switches, otherwise they are not needed with only a single uplink.