Home > Root Guard

Root Guard

September 9th, 2017 in SWITCH 300-115 Go to comments

Question 1

Explanation

Root guard does not allow the port to become a STP root port, so the port is always STP-designated. If a better BPDU arrives on this port, root guard does not take the BPDU into account and elect a new STP root. Instead, root guard puts the port into the root-inconsistent STP state which is equal to a listening state. No traffic is forwarded across this port.

Below is an example of where to configure Root Guard on the ports. Notice that Root Guard is always configure on designated ports.

Root_Guard_Location.jpg

To configure Root Guard use this command:

Switch(config-if)# spanning-tree guard root

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Comments
  1. BL
    August 8th, 2017

    This question is come out today.

    Which feature do you implement so that an interface enter the root inconsistent state if it receives a superior BPDU?

    Answer: Root Guard

  2. RA
    December 13th, 2017

    Can anyone check this question:
    Where should the Root Guard be implemented in the network topology that Cisco recommends? (Choose two)
    A. All non-root ports of the Access Switches.
    B. Downstream links from Distribution to Access Switches
    C. Access Switches to uplink ports to Distribution Switches
    D. On Layer 3 Switches.
    Answer are shown as A & B.
    However, Access Switches should not have root guard enable, so for me A is not correct.
    If I need to choose two answer I would say B & D.
    It is most likely that Layer 4 switches are located at distribution and core layers, which are the switches that needs de root guard feature enable facing the port towards the access switches.

    Can anyone further explain why they show A as an answer?

  3. wasntme
    December 14th, 2017

    @RA: on L3 switches you should be doing routing | all L2 should stop at distribution layer |L3 switches in this case sound like core switches

  4. K
    February 22nd, 2018

    Where should the Root Guard be implemented in the network topology that Cisco recommends? (Choose two)
    A. All non-root ports of the Access Switches.
    B. Downstream links from Distribution to Access Switches
    C. Access Switches to uplink ports to Distribution Switches
    D. On Layer 3 Switches.

    A & B are correct.

    Root guard does not allow the port to become an STP root port, so the port is always STP-designated.

    You must enable root guard on all ports where the root bridge should not appear.

    See: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html#feature

  5. Anonymous
    May 10th, 2018

    can anyone question 7 ?

  1. No trackbacks yet.