Solved: Root in RSTP changes after closing the file

brick2 · ‎09-12-2024

I've been trying to set STP on my network in 5 switches. SW0-D (top left) is primary for vlans 1, 10, 20, 30, and is secondary for vlans 40, 50, 60, and vice versa for SW1-D. I already set VTP properly.

These are the commands I've used to set the STP (I tried to do this a lot of times, so I already tried multiple different orders to write these in):

in all SW-D
enable
configure terminal
spanning-tree mode rapid-pvst

in all SW-A
enable
configure terminal
spanning-tree mode rapid-pvst
spanning-tree vlan 10
spanning-tree vlan 20
spanning-tree vlan 30
spanning-tree vlan 40
spanning-tree vlan 50
spanning-tree vlan 60

interface range fastethernet0/1-12
spanning-tree bpduguard enable
spanning-tree portfast
exit

SW0-D

enable
configure terminal
spanning-tree vlan 1, 10, 20, 30 root primary
spanning-tree vlan 40, 50, 60 root secondary
interface range g0/1, g1/1, g2/1, g3/1, g4/1
spanning-tree guard root

SW1-D

enable
configure terminal
spanning-tree vlan 40, 50, 60 root primary
spanning-tree vlan 1, 10, 20, 30 root secondary

interface range g0/1, g1/1, g2/1, g3/1, g4/1
spanning-tree guard root

Once I was done with these commands, and used 'wr mem' in all switches, I closed the file, then reopened it. As soon as I entered SW0-D and SW1-D CLI, I saw multiple variations of these messages:

Moved to root-inconsistent state

%SPANTREE-2-ROOTGUARDBLOCK: Port 3/1 tried to become non-designated in VLAN 111.

Moved to root-inconsistent state

%SPANTREE-2-ROOTGUARDBLOCK: Port 3/1 tried to become non-designated in VLAN 23.

Moved to root-inconsistent state

I then used 'show spanning-tree sum', and both of SW0-D and SW1-D had all of the vlans as vlans theyre root for. I genuinely don't know where I've gone wrong.

I'm using cisco packet tracer v8.8.2.0400

EDIT: configured again, this time without root guard, and it stopped doing it. I do not understand why. If anyone knows, please explain.

paul driver · ‎09-12-2024

Hello

@brick2 wrote:configured again, this time without root guard, and it stopped doing it. I do not understand why. If anyone knows, please explain.

Routguard does what it states, it guards ports from becoming root ports, meaning ports on switch facing towards the stp root switch of the stp domain,

Usually you would apply rootguard only on ports that you dont ever expect to become root ports, ( edge access-ports or on links interconnecting two different stp domains)

You dont apply rootguard to any switch interconnects (trunks) within a single stp domain doing so could lead to loss of stp convergence

So I am assuming the reason those errors went away when you remove rootguard was the fact you had it previously applied to the wrong ports

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

paul driver · ‎09-12-2024

Hello

@brick2 wrote:configured again, this time without root guard, and it stopped doing it. I do not understand why. If anyone knows, please explain.

Routguard does what it states, it guards ports from becoming root ports, meaning ports on switch facing towards the stp root switch of the stp domain,

Usually you would apply rootguard only on ports that you dont ever expect to become root ports, ( edge access-ports or on links interconnecting two different stp domains)

You dont apply rootguard to any switch interconnects (trunks) within a single stp domain doing so could lead to loss of stp convergence

So I am assuming the reason those errors went away when you remove rootguard was the fact you had it previously applied to the wrong ports

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul