Monday, March 24, 2008

Protecting your STP root switch

You can enable STP root guard feature on your STP root switch to protect the integrity. Should the STP root receive a superior BPDU, means another device wants to take over the STP root role, then the active STP root will place that port into a root inconsistent state and disable the port. This protects the STP root role from being accidentally or intentionally taken away.

SW1(config-if)# spanning-tree guard root

Suggested to enable this feature on all appropriate interfaces on the root switch.

No comments: