Ok, I think I found my

RGill94 · ‎12-13-2014

Hello,

I am experimenting with root guard on my home lab and I came across something that is puzzling. I configured root guard on my 3560 (acting as core), and configured Root Guard on the trunk port leading connecting to a 3550 switch. I set the priority for both all existing vlans, on my 3550 to 0 to try and see how root guard would act. Surprisingly, the 3550 took over as root for the vlans even though I have root guard enabled on the trunk 3560 interface connecting to the 3550.

i was expecting the interface on the 3560 to go into Root inconsistent but it did not. Traffic flowed without any issues.

Does this mean that Root guard only works on access layers switch interfaces?

InayathUlla Sharieff · ‎12-13-2014

Did you test on real gear or packet tracer/dynamics?

RGill94 · ‎12-13-2014

This was on real gear. The designated port on the 3560 (initial root) connecting to the 3550 changed over to a root port.

paul driver · ‎12-13-2014

Hello

obviocusly this should not occur - The port you apply root guard to should always be a designated port - what ios is running on the 3550?

" The Catalyst 3550 series switches support the root guard feature in Cisco IOS Software Release 12.1(4)EA1 and later."

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

RGill94 · ‎12-14-2014

Ok, I think I found my mistake. I have a portchannel configured between the 3560 and 3550. i configured root guard on the individual port interfaces themselves as opposed to the etherchannel logical.

thanks for your time.

Root Guard on Core Switch