Root Guard, BPDU Guard, and BPDU Filter
Root Guard
Root Guard is a feature used to avoid Layer 2 loops during network anomalies. To prevent the switches around a port from becoming root switches, the Root Guard feature compels the interface to be a designated port. This gives the network a way to enforce root bridge placement: the feature does not allow the Designated Port to become a Root Port. If a port with Root Guard enabled receives a superior BPDU, Root Guard changes the port into the root-inconsistent state (which is a listening state), through which the Root Bridge status is maintained.
Unlike other STP enhancements, which are enabled on a global basis, Root Guard is enabled manually on every port where the Root Bridge is not wanted. Because of this, it is important to have a deterministic topology when planning to design and implement STP in the LAN. After Root Guard is enabled on a port, the switch won't allow that port to become an STP root port. If a port enabled with Root Guard receives a better BPDU, Root Guard disables the port rather than processing the BPDU. If an unauthorized user starts to send BPDUs with a better ID, the STP process would select a new switch to become the root switch; when the port is disabled, the network topology is protected.
BPDU Guard
BPDU Guard is a feature used on access ports that are configured with Port Fast. When a port with BPDU Guard enabled receives a BPDU from the device connected to it, BPDU Guard disables the port and changes its state to err-disable.
This feature can be enabled globally in Global configuration mode or per interface in Interface configuration mode.
BPDU Filter
BPDU Filter is also a feature implemented on access ports that are configured with Port Fast. The BPDU Filter feature does not allow BPDUs to be generated on an access port that is configured with Port Fast.
BPDU Filter can also be enabled globally in Global configuration mode or per interface in Interface configuration mode.
The feature behaves differently depending on whether it is configured at the Global level or in Interface configuration mode. When BPDU Filter is enabled at the Global level, it is applied to all ports that have Spanning Tree Protocol (STP) Port Fast enabled. When a BPDU is received on such a port, Port Fast is disabled on that port and it behaves like a normal STP port.
When BPDU Filter is enabled at the interface level, the port does not send BPDUs and does not process received BPDUs. This behavior completely disables Spanning Tree Protocol on that interface. If switches are accidentally connected to ports that have BPDU Filter enabled, a Layer 2 switching loop can form and damage the network.
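The following is an added example, not part of the original article: a small auditor that scans a switch configuration for the two risky edge-port settings described above (interface-level BPDU Filter, and Port Fast with no BPDU Guard in effect). It assumes Cisco IOS-style command syntax, and that an interface-level "spanning-tree bpduguard disable" overrides the global default; the sample configuration and interface names are constructed.

```python
# Constructed Cisco IOS-style sample config (assumed syntax; interface names are made up).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 spanning-tree portfast
!
interface GigabitEthernet0/2
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/24
 switchport mode trunk
 spanning-tree guard root
"""

def parse(config):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # any unindented line ends an interface block
            if line.startswith("interface "):
                current = ifaces.setdefault(line.split(None, 1)[1], [])
            elif line and line != "!":
                global_lines.append(line)
        elif current is not None:
            current.append(line)
    return global_lines, ifaces

def audit(config):
    """Return sorted (interface, finding) pairs for risky edge-port settings."""
    global_lines, ifaces = parse(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in ifaces.items():
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "interface-level BPDU Filter: STP disabled, loop risk"))
        if "spanning-tree portfast" in lines:
            guarded = "spanning-tree bpduguard enable" in lines or (
                guard_default and "spanning-tree bpduguard disable" not in lines)
            if not guarded:
                findings.append((name, "Port Fast without BPDU Guard"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) flags GigabitEthernet0/2 and GigabitEthernet0/3; the trunk port with Root Guard and the Port Fast port covered by the global BPDU Guard default produce no findings.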













