What’s the difference between Root guard and BPDU guard? Can we say Root guard blocks only superior BPDU and allow Inferior BPDU and Interface enter into Root Inconsistent state while the BPDU guard blocks superior and Inferior BPDU as well and the interface enters into error-disabled state?
And How can we check if a root guard or BPDU guard is enabled on a switch?
Hi @hemanttolwani1989 ,
That is correct.
BPDU guard blocks any BPDU. You can use it in scenarios where you don’t expect any BPDUs.
You could use root guard on your distribution layer switches to prevent an access layer switch from (accidently) becoming the root bridge.
This command is useful to check it per port:
SW1#show spanning-tree interface gigabitEthernet 1/0/2 detail
Port 2 (GigabitEthernet1/0/2) of VLAN0120 is designated forwarding
Port path cost 200000, Port priority 128, Port Identifier 128.2.
Designated root has priority 120, address 08f3.fb39.e300
Designated bridge has priority 120, address 08f3.fb39.e300
Designated port id is 128.2, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast mode
Link type is shared by default
Bpdu guard is enabled
Root guard is enabled on the port
BPDU: sent 518336, received 0