05-02-2024 12:46 AM
Hi, community,
I have some doubts about the feature Root Guard. My scenario is four VLANs on two distribution switches and some access switches connected to the upper layer. Switch A is the root bridge for VLANs 1 and 2, while Switch B is the root bridge for VLANs 3 and 4.
So, if I enable Root Guard on the physical interface on Switch A, it will cause problems with BPDUs for VLANs 3 and 4, leading to the interface being blocked. The IOS allowed me to configure Root Guard on the VLAN interface, but it didn't work as expected in GNS3 when I tested.
My concern is that I don't know if it`s a bad conf or the image doesn't work properly. Thanks in advance.
05-02-2024 01:03 AM
Sorry but I dont see SW-A
MHM
05-07-2024 10:30 AM
Sorry, my mistake. Switch A = B-00-SW01, and Switch B = B-00-SW02
05-07-2024 10:52 AM
Root guard make issue if you config it in B00SW1/2
You need to config it one layer down in B01-B02-B03 in link connect these SW to access SW.
MHM
05-07-2024 10:53 AM
05-02-2024 09:23 AM
Hello
Really you only would require root guard on interconnect links between 2 differing stp domains, so you can control the root ports between those stp domains, But within a single stp domain , not sure its really required as you would want fail over to happen in the event you lost some links on the root switch(s) and not isolation of those links
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide