What is the difference between BPDU guard and root guard?




















We can configure the PortFast command on an access switch port interface. See the configuration example below. Because PortFast can also be enabled on non-trunking ports that connect two switches, spanning-tree loops can occur, since Bridge Protocol Data Units (BPDUs) are still being transmitted and received on those ports.

Layer 2 loops in our network topology can be prevented by enabling another feature called PortFast BPDU Guard, which stops the loop from forming by moving a non-trunking switch port into an errdisable state when a Bridge Protocol Data Unit (BPDU) is received on that port.

BPDU guard provides a secure response to invalid configurations because the network engineer needs to manually put the interface back into a forwarding state. This simple difference is what sets BPDU guard and root guard apart. But there are also some similarities, which will be explained further in the text.

A switching loop happens when there is more than one path available for the data flow in layer 2.

This can happen when two switches are not configured properly, so that more than one path exists between them. Once a switching loop starts, the data keeps bouncing back and forth from one port to another, creating so-called switching storms, which will end up crashing the network if the loop is not attended to.

A switching loop cannot resolve on its own, and that is why the Spanning Tree Protocol (STP) was invented. STP creates the shortest or fastest route through the system for the data to travel and helps prevent switching loops.

This is done by choosing a root switch that has to be unique in the network. The root switch is locked into forwarding mode, and all other ports are designated ones. Standard STP does not have a way to ensure that the network administrator can enforce a switched layer 2 network.

The position of the root bridge and the preset parameters are what determine the forwarding topology of a switched network. Translated into simpler language, this means that any switch in the network can take the role of the root bridge.

As a result, an Ethernet network is always designed like an inverted tree. There are loops in this design that are implemented for resilience, i.e., STP will block a given path in planned operation, but an alternate path can be activated if the primary path fails. The Root Guard feature can be enabled on every switch port in the network where the root bridge should not appear. Root guard protects the root bridge from being changed by another switch without administrator permission.

If you manage all the switches you do not need root guard, because you can just set the switch priorities. Root guard is needed when you connect a network that you manage to one that you do not.
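
To check a switch for both protections discussed above, here is an added example (not from the original post) that audits a Cisco IOS-style running-config: it flags PortFast ports that lack BPDU guard, and ports facing a switch you do not manage that lack root guard. The sample config, the function names and the `unmanaged_facing` parameter are constructed for illustration.

```python
# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/23
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    # Split a running-config into {interface: [stanza lines]} plus the global lines.
    interfaces, global_lines, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return interfaces, global_lines

def audit(config, unmanaged_facing):
    # unmanaged_facing: hypothetical set of ports that connect to switches you do not manage.
    interfaces, global_lines = parse_interfaces(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        portfast = any(l.startswith("spanning-tree portfast") and "disable" not in l for l in lines)
        guarded = "spanning-tree bpduguard enable" in lines or (guard_default and "spanning-tree bpduguard disable" not in lines)
        if portfast and not guarded:
            findings.append((name, "PortFast without BPDU guard"))
        if name in unmanaged_facing and "spanning-tree guard root" not in lines:
            findings.append((name, "no root guard toward unmanaged switch"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, {"GigabitEthernet0/23", "GigabitEthernet0/24"}))
```

The global `spanning-tree portfast bpduguard default` command is treated as covering every PortFast port unless the interface explicitly disables BPDU guard.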
