Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
915
Views
0
Helpful
2
Replies

where can i config spanning tree root guard

fly
Level 2
Level 2

‎02-20-2012 06:45 AM - edited ‎03-07-2019 05:02 AM

Hi dear ALL,

    If i config root guard on root switch , if network is large , any downside switch can cause root switch interface change to block status. this will affect customer important traffic pass through the root switch.

   if i confi root guard feature on access switch,   there are many many access switches,  config task is huge

    if i config two mst instance , one root on 6509-1  the other instance root on 6509-2   how can i config root guard on two switch.  can root guard distinguish between different vlan bpdu priority?

  

    thank you!

    Jeremy

Labels:
0 Helpful
2 Replies 2

rais
Level 7
Level 7

‎02-20-2012 07:09 AM

You should enable RootGuard where there is a danger of new switch [with better credentials] to show up. That would be the access switches. Once your network topology is stabilized, any additions to it is where the danger could be.

You can use:

interface range gigabitEthernet 1/1-24

spanning-tree guard root

The best way is to automate your config tasks.

Rais.

0 Helpful

fb_webuser
Level 6
Level 6

‎02-20-2012 07:51 AM

spanning-tree guard root

is configured on a switch port to prevent that port from becoming a root port.

Usually you do this when it is a link to a network that you do not control.

If you want to discourage a switch from becoming a root switch use

spanning-tree vlan 1 priority ?

Also take a look at

spanning-tree bpdufilter enable

spanning-tree bpduguard disable

Might be what you are looking for

---

Posted by WebUser Stuart Gall

0 Helpful
Customers Also Viewed These Support Documents