The administrator can set the root bridge priority to 0 in an effort to secure the root bridge position. But there is no guarantee against a bridge with a priority of 0 and a lower MAC address.
"root guard " will protect your switch against unplanned spanning tree changes. (Superior information received)
best practice, use BPDU Guard on all access ports unless there is a special situation where you shoud use ROOT Guard only on that port or few ports and BPDU ROOT Guard on trunks in your domain, to preserve your ROOT Bridge position.
Reference: https://learningnetwork.cisco.com
Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast,
Understanding Rapid Spanning Tree Protocol (802.1w)
Spanning Tree Protocol Root Guard Enhancement
No comments:
Post a Comment