Hello, I'm trying to find an article that explains configuring root guard on VPC port-channels...which I cannot find anything on.
I have a switch that connects to 2 nexus vpc peer link core switches via VPC (picture attached). I want to make sure that this switch A does not become the root for any VLAN ever. From my understanding, i should configure root guard on the interfaces trunks off the cores that connect to Switch A. Are there any caveats for doing this on VPC port-channels? So I go into Nexus A and configure the following:
spann tree guard root
then I repeat the same in the other Nexus B correct?
= The correct way is still to assign correct bridge priority to the intended root bridge (albeid per vlan or not) , stay away from root guard, controlled network management is better.
I agree that you should just make sure that nexus-a is the root for all vlans and nexus-b is the backup root to all vlans and leave the other switch at default stp priority. No need for guard root.