Root Guard vs. BPDU Guard

[polm]

I am a little confused about BPDU and Root Guard on my Catalyst Switches.

My understanding :

BPDU guard will put a portfast enabled port into ERRDisable mode if it received BPDU messages from the port.

Root guard will automatically move a port into STP Designated mode if it recieves BPDU, but will not allow it to become root.

My question:

If BPDU guard is enabled on a port, can Root guard be enabled as well ?

It seems that BPDU guard would try to block the port, while Root guard would try to put the port into Designated mode.

 

[spidey07]

you are correct.

I believe you can use both, but BDPU guard takes precedence. You use it on host ports to prevent switches from being plugged in/loops.

 

[polm]

Originally posted by: spidey07
you are correct.

I believe you can use both, but BDPU guard takes precedence. You use it on host ports to prevent switches from being plugged in/loops.

but if I plug in a switch to a portfast enabled, bpdu guarded port, won't the port move into ErrDisable mode ?

seems Root Guard would be pointless if BPDU Guard has disabled the port already.

How does Root Guard help add a switch to STP if the port that switch connects to is in ErrDisable ?

Am I missing something here ? The whole ErrDisable vs. Designated thing ?

 

[spidey07]

well they just treat a port receiving a BPDU differently.

get a BPDU on a port with BPDU guard? shut down port no matter what. The feature is for edge ports.

http://www.cisco.com/en/US/tech/tk389/t...logies_tech_note09186a00800ae96b.shtml