12-13-2014 02:47 PM - edited 03-07-2019 09:53 PM
Hello,
I am experimenting with root guard on my home lab and I came across something that is puzzling. I configured root guard on my 3560 (acting as core), and configured Root Guard on the trunk port leading connecting to a 3550 switch. I set the priority for both all existing vlans, on my 3550 to 0 to try and see how root guard would act. Surprisingly, the 3550 took over as root for the vlans even though I have root guard enabled on the trunk 3560 interface connecting to the 3550.
i was expecting the interface on the 3560 to go into Root inconsistent but it did not. Traffic flowed without any issues.
Does this mean that Root guard only works on access layers switch interfaces?
12-13-2014 05:03 PM
Did you test on real gear or packet tracer/dynamics?
12-13-2014 07:07 PM
This was on real gear. The designated port on the 3560 (initial root) connecting to the 3550 changed over to a root port.
12-13-2014 11:08 PM
Hello
obviocusly this should not occur - The port you apply root guard to should always be a designated port - what ios is running on the 3550?
" The Catalyst 3550 series switches support the root guard feature in Cisco IOS Software Release 12.1(4)EA1 and later."
res
paul
12-14-2014 09:39 AM
Ok, I think I found my mistake. I have a portchannel configured between the 3560 and 3550. i configured root guard on the individual port interfaces themselves as opposed to the etherchannel logical.
thanks for your time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide