Spanning-Tree BPDUGuard

Hello Durga

BPDUguard should be enabled on interfaces to which you should never receive BPDUs such as those interfaces connected to end devices and hosts. BPDUGuard is often combined with portfast to protect these interfaces from creating an unwanted loop. You should never configure BPDUguard on interfaces where you expect BPDUs to arrive such as a link between switches. In your case, you should expect to receive BPDUs on the link between your core and access switch so BPDU guard should never be implemented there. BPDUs will be sent and the interface will go into errdisable state, something that is not desirable.

Rootguard on the other hand can be implemented on the interface on the core sw connecting to the access switch. This is because you want the core switch to always be the root and you should not accept any BPDUs that are incoming to change that.

I hope this has been helpful!

Laz

2 Likes