02-20-2012 06:45 AM - edited 03-07-2019 05:02 AM
Hi dear ALL,
If i config root guard on root switch , if network is large , any downside switch can cause root switch interface change to block status. this will affect customer important traffic pass through the root switch.
if i confi root guard feature on access switch, there are many many access switches, config task is huge
if i config two mst instance , one root on 6509-1 the other instance root on 6509-2 how can i config root guard on two switch. can root guard distinguish between different vlan bpdu priority?
thank you!
Jeremy
02-20-2012 07:09 AM
You should enable RootGuard where there is a danger of new switch [with better credentials] to show up. That would be the access switches. Once your network topology is stabilized, any additions to it is where the danger could be.
You can use:
interface range gigabitEthernet 1/1-24
spanning-tree guard root
The best way is to automate your config tasks.
Rais.
02-20-2012 07:51 AM
spanning-tree guard root
is configured on a switch port to prevent that port from becoming a root port.
Usually you do this when it is a link to a network that you do not control.
If you want to discourage a switch from becoming a root switch use
spanning-tree vlan 1 priority ?
Also take a look at
spanning-tree bpdufilter enable
spanning-tree bpduguard disable
Might be what you are looking for
---
Posted by WebUser Stuart Gall
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide