09-28-2005 07:43 PM - edited 03-03-2019 12:12 AM
This is a question on how Spanning-Tree Root Guard works.
First, root bridges are elected (or selected) on a per vlan basis. But Root Guard is implemented on a trunking port without any vlan information. So, how does root guard know which vlan to protect?
What if you have several vlans and you want a different switch to be the root for each vlan? Root Guard won't know which vlan to protect?
Am I missing something? If anyone has an explanation, I would love it. Thanks.
09-28-2005 11:14 PM
Hello Anthony,
As I understand it, the root guard feature is not meant to be implemented on trunk ports that are under your own administrative control, but rather on edge ports connecting e.g. an ISP to external devices. Since root guard applies to all VLANs, it would block a trunk port trying to become the root port. I guess the idea is that you, as the administrator of your network, need to be protected against external switches trying to become the root, but that your internal STP configuration should not be affected...
HTH,
GP
09-29-2005 05:32 AM
GP, thanks for the information. I really don't like this command because in the Cisco text I can find, they only give examples of its use within a 3 or 4 switch network, and mention nothing about proper use of it within vlans.
Anyway, thanks again.
10-04-2005 11:05 AM
Hi Anthony,
Rootguard can only be configured per port, but it is applied on a per instance basis. So basically, if rootguard is configured on a trunk, only vlans receiving superior information would be blocked (assuming you are running PVST).
Regards,
Francois
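A small model of the per-instance behaviour discussed in this thread, added here as an example and not code from any poster or from Cisco. It assumes PVST+ (one spanning-tree instance per VLAN) and simplifies "superior" to a comparison of the advertised root bridge ID (priority, then MAC); the VLAN numbers, priorities and MAC addresses are constructed.

```python
# Simplified model: root guard is enabled once on a trunk port, but the
# superior-BPDU check runs separately for every VLAN's spanning-tree instance.

def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple; the lower value wins the root election."""
    return (priority, int(mac.replace(".", ""), 16))

def root_guard_states(current_root, received):
    """Return the state of a root-guard trunk port for each VLAN.

    current_root: {vlan: bridge ID of the root this switch currently accepts}
    received:     {vlan: root bridge ID advertised in BPDUs arriving on the port}
    """
    states = {}
    for vlan, root in current_root.items():
        advertised = received.get(vlan)
        # A superior BPDU would make this port a root port for that VLAN.
        # Root guard refuses and blocks only that instance.
        if advertised is not None and advertised < root:
            states[vlan] = "root-inconsistent"
        else:
            states[vlan] = "forwarding"
    return states

# Constructed sample: PVST+ priorities include the VLAN ID (e.g. 24576 + 10).
CURRENT_ROOT = {
    10: bridge_id(24586, "0011.2233.4401"),
    20: bridge_id(24596, "0011.2233.4402"),
    30: bridge_id(24606, "0011.2233.4401"),
    40: bridge_id(24616, "0011.2233.4402"),
}
# BPDUs seen on the guarded trunk from the neighbouring switch.
RECEIVED = {
    10: bridge_id(4106, "00aa.bbcc.dd01"),   # lower priority: superior
    20: bridge_id(32788, "00aa.bbcc.dd01"),  # higher priority: inferior
    30: bridge_id(24606, "0011.2233.4400"),  # same priority, lower MAC: superior
}                                            # VLAN 40: no BPDU received

if __name__ == "__main__":
    for vlan, state in sorted(root_guard_states(CURRENT_ROOT, RECEIVED).items()):
        print(f"VLAN {vlan}: {state}")
```

Calling `root_guard_states` again with no superior BPDUs returns every VLAN to forwarding, which mirrors how a root-inconsistent port recovers on its own once the superior BPDUs stop.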