OmniSecu.com Logo  
omnisecu.com free mcse ccna rhce linux java learning
omnisecu.com free mcse ccna rhce linux java learning
          Sharefacebook twitter google+ google bookmark yahoo bookmark delicious digg linkedin pinterest reddit stumbleupon evernote diigo blinklist blogmarks livejournal email feed

Tutorials

What is Root Guard and how to configure Root Guard in Cisco Switches

External Resources

Root Guard protects the Spanning Tree Protocol (STP) topology attack of replacing the original Root Bridge with a rogue Root Bridge. When a Root Guard feature enabled switch port receives a superior BPDU from a rogue switch, the state of the port is changed into a root-inconsistent state, thus enforcing the position of original Root Bridge. Once the port state is changed into root-inconsistent state (similar to STP listening state), no user data is sent via that port. However, after the flow of superior BPDUs is stopped, the port state will change back to the forwarding state. In other words, Root Guard feature of Cisco Switches prevents a Designated Port from becoming a Root Port.

Root Guard feature can be enabled on switch ports that is connected to other switches that should never become a Root Bridge. For example, a port on the distribution layer switch which is connected to an access layer switch can be Root Guard enabled, because the access layer switch should never become the Root Bridge.

 

How to configure Root Guard in Cisco Switches

To enable Root Guard, use following commands.

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#interface giga 0/0
OmniSecuSW1(config-if)#spanning-tree guard root
OmniSecuSW1(config-if)#exit
OmniSecuSW1(config)#exit
OmniSecuSW1# 

 

To disable Root Guard, use following commands.

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#interface giga 0/0
OmniSecuSW1(config-if)#no spanning-tree guard root
OmniSecuSW1(config-if)#exit
OmniSecuSW1(config)#exit
OmniSecuSW1# 

 

              Jajish Thomason Google+
Related Topics
comments powered by Disqus


eXTReMe Tracker DMCA.com