At the interface level, BPDU Guard can be enabled by using the spanning-tree bpduguard enable
interface configuration command, without also enabling the PortFast feature. When the interface
receives a BPDU, the switch assumes that a problem exists and puts the interface in the error-disabled state.
The BPDU Guard feature provides a secure response to invalid configurations because you must manually put
the interface back in service. In a service-provider network environment, the BPDU Guard feature can be used
to prevent an access port from participating in the spanning tree.
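As an added example (not part of the original text), the following Python sketch audits an IOS-style running-config for access ports on which BPDU Guard is not in effect. The sample configuration is constructed, the function names are hypothetical, and two commands not shown in this excerpt are assumed from standard IOS behavior: the global spanning-tree portfast bpduguard default, which covers only PortFast-enabled ports, and the per-interface spanning-tree bpduguard disable override.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def unguarded_access_ports(config):
    """List access ports on which no BPDU Guard setting takes effect."""
    global_default = re.search(
        r"^spanning-tree portfast (edge )?bpduguard default\s*$", config, re.M)
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue
        if "spanning-tree bpduguard enable" in cmds:
            continue  # interface-level guard, independent of PortFast
        portfast = any(re.fullmatch(r"spanning-tree portfast( edge)?", c) for c in cmds)
        disabled = "spanning-tree bpduguard disable" in cmds
        if not (global_default and portfast and not disabled):
            findings.append(name)
    return findings
```

On the sample, GigabitEthernet0/3 is reported because it has neither PortFast nor an interface-level guard, and GigabitEthernet0/4 because its interface-level disable overrides the global default.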
Root Guard
In a switched network environment with shared administrative control or in a service provider (SP) environment
where there are many connections to other switches (into customer networks), it is important to identify the
correct placement of the root bridge. If possible, it is also important to identify a specific predetermined location
to achieve an optimal forwarding loop-free topology. Standard STP has no mechanism to enforce the
position of the root bridge, because any bridge in the network with a lower bridge ID can assume the role of
the root bridge. Sometimes, because of a misconfiguration, a spanning tree may converge incorrectly by
selecting an unintended switch to be the root switch.