09-12-2024 02:31 PM - edited 09-12-2024 02:44 PM
I've been trying to set STP on my network in 5 switches. SW0-D (top left) is primary for vlans 1, 10, 20, 30, and is secondary for vlans 40, 50, 60, and vice versa for SW1-D. I already set VTP properly.
These are the commands I've used to set the STP (I tried to do this a lot of times, so I already tried multiple different orders to write these in):
in all SW-D
enable
configure terminal
spanning-tree mode rapid-pvst
in all SW-A
enable
configure terminal
spanning-tree mode rapid-pvst
spanning-tree vlan 10
spanning-tree vlan 20
spanning-tree vlan 30
spanning-tree vlan 40
spanning-tree vlan 50
spanning-tree vlan 60
interface range fastethernet0/1-12
spanning-tree bpduguard enable
spanning-tree portfast
exit
SW0-D
enable
configure terminal
spanning-tree vlan 1, 10, 20, 30 root primary
spanning-tree vlan 40, 50, 60 root secondary
interface range g0/1, g1/1, g2/1, g3/1, g4/1
spanning-tree guard root
SW1-D
enable
configure terminal
spanning-tree vlan 40, 50, 60 root primary
spanning-tree vlan 1, 10, 20, 30 root secondary
interface range g0/1, g1/1, g2/1, g3/1, g4/1
spanning-tree guard root
Once I was done with these commands, and used 'wr mem' in all switches, I closed the file, then reopened it. As soon as I entered SW0-D and SW1-D CLI, I saw multiple variations of these messages:
Moved to root-inconsistent state
%SPANTREE-2-ROOTGUARDBLOCK: Port 3/1 tried to become non-designated in VLAN 111.
Moved to root-inconsistent state
%SPANTREE-2-ROOTGUARDBLOCK: Port 3/1 tried to become non-designated in VLAN 23.
Moved to root-inconsistent state
I then used 'show spanning-tree sum', and both SW0-D and SW1-D had all of the VLANs as VLANs they're root for. I genuinely don't know where I've gone wrong.
I'm using Cisco Packet Tracer v8.8.2.0400
EDIT: configured again, this time without root guard, and it stopped doing it. I do not understand why. If anyone knows, please explain.
09-12-2024 04:05 PM
Hello
@brick2 wrote: configured again, this time without root guard, and it stopped doing it. I do not understand why. If anyone knows, please explain.
Rootguard does what it states: it guards ports from becoming root ports, meaning ports on a switch facing towards the STP root switch of the STP domain.
Usually you would apply rootguard only on ports that you don't ever expect to become root ports (edge access ports or links interconnecting two different STP domains).
You don't apply rootguard to any switch interconnects (trunks) within a single STP domain; doing so could lead to loss of STP convergence.
So I am assuming the reason those errors went away when you removed rootguard was the fact you had it previously applied to the wrong ports.
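An added example, not part of the thread or of either poster's configuration: a Python audit that applies the rule from the reply above, listing trunk interfaces that carry "spanning-tree guard root", and groups ROOTGUARDBLOCK messages by port. The running-config excerpt and the function names are constructed for illustration; the log lines use the message format quoted in the question.

```python
import re
# Constructed running-config excerpt, not taken from the thread's switches.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree guard root
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree guard root
!
"""

# Constructed log, in the message format quoted in the question.
SAMPLE_LOG = """\
%SPANTREE-2-ROOTGUARDBLOCK: Port 3/1 tried to become non-designated in VLAN 111.
Moved to root-inconsistent state
%SPANTREE-2-ROOTGUARDBLOCK: Port 3/1 tried to become non-designated in VLAN 23.
"""
BLOCK_RE = re.compile(
    r"%SPANTREE-2-ROOTGUARDBLOCK: Port (\S+) tried to become non-designated in VLAN (\d+)")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any global command ends the interface block
    return interfaces

def root_guard_on_trunks(config):
    """Interfaces configured as trunks that also have root guard enabled."""
    return sorted(name for name, cmds in parse_interfaces(config).items()
                  if "switchport mode trunk" in cmds and "spanning-tree guard root" in cmds)

def blocked_vlans_by_port(log):
    """Map each port to the sorted VLANs on which root guard blocked it."""
    blocked = {}
    for port, vlan in BLOCK_RE.findall(log):
        blocked.setdefault(port, []).append(int(vlan))
    return {port: sorted(set(vlans)) for port, vlans in blocked.items()}

if __name__ == "__main__":
    print(root_guard_on_trunks(SAMPLE_CONFIG), blocked_vlans_by_port(SAMPLE_LOG))
```

Ports reported by both functions are the ones to review first: they are switch interconnects with root guard set, and they are actively being placed in the root-inconsistent state.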