
ROOT GUARD

shiraforkosh1
Level 1

Hi,

I have a specific question about the function of root guard that I can't check on my own right now for some reason, so it would be very helpful if someone could answer it.

I learned that root guard puts the port it is configured on into an "inconsistent" state if a switch is connected to this port.

The reason that it "blocks" the port is that a new switch that connects to the network thinks that it is the root bridge, so it sends BPDUs. My question is:

If the new switch that was connected to the port that was configured with the root guard command has a bigger priority number than the current root bridge, meaning it can't replace the root bridge anyway, will the port go into the inconsistent state, or will it be a designated port because the switch that receives the BPDUs will see that they are inferior BPDUs?

My English isn't so good, so I have included a drawing that I think explains my question better (just in case I didn't explain myself clearly):

3 Replies

Jon Marshall
Hall of Fame

The port will be a designated port.

It will only be in an inconsistent state if the new switch has a lower priority than the current root switch.

Jon

"The Root Guard feature was developed as a means to control where candidate root bridges
can be connected and found on a network. Basically, a switch learns the current root
bridge's bridge ID. If another switch advertises a superior BPDU, or one with a better
bridge ID, on a port where Root Guard is enabled, the local switch will not allow the new
switch to become the root. As long as the superior BPDUs are being received on the port,
the port will be kept in the root-inconsistent STP state. No data can be sent or received
in that state, but the switch can listen to BPDUs received on the port to detect a new root
advertising itself."

Here is a direct link to the Google Books Search Query. 

In your diagram, Switch 4 has a lower priority, so Switch 3 Int FA 0/1 will be a designated port for the LAN segment between Switch 3 and Switch 4.

If you had a different setup and Switch 4 had a superior priority than Switch 1, then the port INT FA 0/1 on Switch 3 would be in an inconsistent state. 

Hi

Root guard is a feature to protect the root and backup root bridges; root guard will force the port to stay designated. Imagine you install a new access switch on your layer 2 network and for any reason this new one has a lower bridge priority than the root bridge: it could become the new root and impact the entire network.

So the idea with root guard is to avoid this behavior. The command spanning-tree guard root is configured on the root and backup root bridges, under the trunk interfaces facing the access switches only. If the current root detects that some switch is sending better BPDUs with a lower priority, trying to become the root, it will see the port in an inconsistent state and it will generate warning messages.

Hope it is useful

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<
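
The decision discussed in the replies above, as an added Python example that is not part of the thread and not Cisco's implementation: a root guard port compares the root bridge ID advertised in a received BPDU with the root it already knows. Assumptions: the class and function names and all priority/MAC values are constructed; only the root bridge ID is compared (path cost, sender ID and port ID are ignored) and STP timers are not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class BridgeID:
    """STP bridge ID: the lower priority number wins, the lower MAC breaks ties."""
    priority: int
    mac: int

    @classmethod
    def of(cls, priority, mac):
        return cls(priority, int(mac.replace(":", "").replace(".", ""), 16))


class RootGuardPort:
    """One port with root guard enabled (hypothetical model, root IDs only)."""

    def __init__(self, name, current_root):
        self.name = name
        self.current_root = current_root
        self.state = "designated"

    def receive_bpdu(self, advertised_root):
        # A numerically lower bridge ID is "superior" to the known root.
        if advertised_root < self.current_root:
            self.state = "root-inconsistent"  # no data forwarded, BPDUs still heard
        else:
            self.state = "designated"         # inferior BPDU: nothing to guard against
        return self.state

    def superior_bpdus_stopped(self):
        # The port is held only while superior BPDUs keep arriving.
        self.state = "designated"
        return self.state


# Constructed sample values (not taken from the poster's diagram).
ROOT = BridgeID.of(4096, "00:00:00:00:00:01")
port = RootGuardPort("Fa0/1", ROOT)


def demo():
    return [
        port.receive_bpdu(BridgeID.of(32768, "00:00:00:00:00:04")),  # bigger priority number
        port.receive_bpdu(BridgeID.of(0, "00:00:00:00:00:04")),      # smaller priority number
        port.receive_bpdu(BridgeID.of(4096, "00:00:00:00:00:00")),   # same priority, lower MAC
        port.superior_bpdus_stopped(),
    ]


if __name__ == "__main__":
    for state in demo():
        print(state)
```

The first case is the one the question asks about: the new switch has a bigger priority number, its BPDUs are inferior, and the port stays designated.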