By default, all ports in a switch are capable of receiving and processing BPDU frames.
Because Spanning Tree protocols have no built-in security, a single device sending a BPDU frame with a bridge ID lower than the Root Bridge's is enough to change our Spanning Tree topology completely.
Root Guard is configured on a port.
The spanning-tree guard root command refuses to let a device on this port present itself with a bridge ID lower than the current Root Bridge's.
Switch(config-if)# spanning-tree guard root
This protection is applied to a physical interface.
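The behaviour described above, as an added example that is not part of the original article: a simplified Python model of one switch receiving a BPDU with a lower bridge ID, with and without Root Guard on the port. The class names, the interface name and the bridge IDs are constructed for illustration, and only the bridge ID comparison is modelled (real Spanning Tree also compares path cost and port IDs).

```python
from dataclasses import dataclass, field


@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int  # compared first; the lower value wins the election
    mac: str       # tie-breaker; same-format lowercase hex, lower wins


@dataclass
class Port:
    name: str
    root_guard: bool = False
    state: str = "forwarding"


@dataclass
class Switch:
    root: BridgeID                      # root bridge currently accepted
    ports: dict = field(default_factory=dict)

    def receive_bpdu(self, port_name: str, advertised: BridgeID) -> str:
        port = self.ports[port_name]
        if advertised >= self.root:
            # Not better than the current root: the topology is unaffected.
            return "ignored"
        if port.root_guard:
            # Root Guard: the port stops forwarding (root-inconsistent)
            # and the advertised bridge never becomes root.
            port.state = "root-inconsistent"
            return "blocked"
        # No protection: the sender becomes the new root bridge.
        self.root = advertised
        return "root-changed"


def demo(root_guard: bool):
    legit_root = BridgeID(4096, "00:11:22:33:44:01")  # constructed values
    unexpected = BridgeID(0, "00:aa:bb:cc:dd:99")     # lower priority wins
    sw = Switch(root=legit_root, ports={"Gi0/1": Port("Gi0/1", root_guard)})
    result = sw.receive_bpdu("Gi0/1", unexpected)
    return result, sw.root == legit_root, sw.ports["Gi0/1"].state


if __name__ == "__main__":
    for guard in (False, True):
        print("root guard:", guard, "->", demo(guard))
```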
In a Spanning Tree topology, the Root Bridge should belong to the Core (the heart of the network).
So we have to put "spanning-tree guard root" on all our trunk interfaces:
– Internal to the switch block
– To the Core
For users connected to the access section, we will make sure that their ports neither receive nor send any BPDU frames.
To do this, we will use the:
Hoping this article has been helpful to you! Don't hesitate to let me know!!