Root Guard on trunkport

ajay kondapalli
Level 1

Hi,

Is there any chance to use the Root guard feature on trunk ports in any kind of environment in the Cisco world?

I have seen in one config that they applied root guard on a trunk port. Generally the root guard feature is used for avoiding accidental situations or to block a rogue switch inserted at the access layer.

Is there any special reason to apply root guard on trunk ports?

Thanks,

AJAY

4 Replies

Jerry Ye
Cisco Employee

Root guard can be applied to a trunk port or an access port. Root guard is used to protect the STP root.

In a stable environment, meaning you have a switch which is defined as the root for your VLANs, root guard should be configured on the designated port to protect the root. If this designated port would become a root port when root guard is configured (another switch with a lower STP priority), the port will go into the root-inconsistent state and traffic will be blocked.

Please see the following link for the detailed explanation of root guard:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

HTH,

jerry

Thanks Jerry,

For example: we have one root switch and 2 non-root switches, and we enable Root guard on the trunk ports of the non-root switches (on the DP). If the root switch fails, how does the root guard enabled switch come online?

And if the proper election happened initially for root selection, how can a non-root switch advertise a lower priority to the root switch later? Is that possible?

Please explain.

Thanks,

Ajay

Root guard will be enabled on the trunk port of the STP primary root and secondary root, to be specific, on the designated port. For redundancy reasons, you will want to have a primary root bridge and a secondary root bridge in your L2 domain.

To your second question, it is not possible if you configure all the switches correctly. Root guard is to protect against human error, such as some L1 engineer inserting a switch with priority 0 into the network; this switch will try to become root.

Regards,

jerry

we have one root switch and 2 non root switches, and we enable Root guard on trunk ports of non root switches. (on DP) , if the root switch is failed, how does the root guard enabled switch come online ?

Both switches will start announcing that they are root by sending config BPDUs to each other upon the previous root's failure.

Because root guard is enabled on both switches' ports connecting the trunk link, the one with the less superior BPDU will put its port on the trunk connection into the root-inconsistent state, and the other will put its port on the trunk connection into the DP role.
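To make the two cases discussed in this thread concrete (the root-failure scenario in the last reply and the priority-0 rogue switch in Jerry's reply), here is an added Python model of the root guard decision. It is not Cisco code or anything from the thread; bridge priorities, MAC addresses and port names are constructed, and recovery from root-inconsistent is simplified to "the next non-superior BPDU" rather than the real max-age timeout.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True, order=True)
class BridgeId:
    """802.1D bridge ID; the lower (priority, mac) tuple wins the root election."""
    priority: int
    mac: str

@dataclass
class Port:
    root_guard: bool = False
    state: str = "designated"  # "designated", "root" or "root-inconsistent"

@dataclass
class Bridge:
    bridge_id: BridgeId
    ports: dict = field(default_factory=dict)
    root_id: Optional[BridgeId] = None

    def __post_init__(self):
        # Every bridge starts out believing it is the root (this is also the
        # situation right after the old root fails and its BPDUs age out).
        self.root_id = self.root_id or self.bridge_id

    def receive_bpdu(self, port: str, claimed_root: BridgeId) -> str:
        """Handle a config BPDU on `port` advertising `claimed_root`; return the new port state."""
        p = self.ports[port]
        if claimed_root < self.root_id:           # superior BPDU: sender knows a better root
            if p.root_guard:
                p.state = "root-inconsistent"     # block; a guarded port never becomes root port
            else:
                self.root_id, p.state = claimed_root, "root"
        elif p.state != "root":                   # inferior BPDU: we stay designated here
            p.state = "designated"                # (simplified: real recovery waits for max age)
        return p.state

def root_failure_scenario() -> dict:
    """Thread's case: root S1 is gone; S2 and S3 have root guard on the trunk between them."""
    s2 = Bridge(BridgeId(32768, "0000.0000.0002"), {"Gi1/1": Port(root_guard=True)})
    s3 = Bridge(BridgeId(32768, "0000.0000.0003"), {"Gi1/1": Port(root_guard=True)})
    # Both announce themselves as root; each processes the other's BPDU.
    return {"S2": s2.receive_bpdu("Gi1/1", s3.bridge_id),
            "S3": s3.receive_bpdu("Gi1/1", s2.bridge_id)}

def rogue_switch_scenario() -> dict:
    """Jerry's case: a priority-0 switch plugged into the root's guarded designated port."""
    root = Bridge(BridgeId(4096, "0000.0000.0001"), {"Gi1/2": Port(root_guard=True)})
    rogue = BridgeId(0, "0000.0000.00ff")  # constructed rogue bridge ID
    return {"port": root.receive_bpdu("Gi1/2", rogue), "still_root": root.root_id == root.bridge_id}
```

On real switches the equivalent check is `show spanning-tree inconsistentports`, which lists ports currently held in the root-inconsistent state.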
