Tuesday, 15 January 2019

What is Root Guard and how to configure it?


Root guard prevents the wrong switch from becoming the spanning tree root. If a root guard port receives a superior BPDU that might cause it to become a root port, the port is put into the “root-inconsistent” state and does not pass traffic. If the port stops receiving these BPDUs, it automatically re-enables itself.






In short, Root Guard is similar to BPDU Guard. The root guard feature prevents a designated port from becoming a root port.

Let's see the configuration:

Topology:

 Goal:
  • Configure the topology as per the diagram.
  • Configure switch 2 as the root bridge.
  • Configure root guard on fa 0/2.
  • After configuring root guard, make switch 3 the root bridge to see what happens.
  • We want switch 2 not to accept the superior BPDU and to put that port into the root-inconsistent state.


SW-1(config)#interface range fastEthernet 0/1-24
SW-1(config-if-range)#shutdown
SW-1(config-if-range)#exit

SW-2(config)#interface range fastEthernet 0/1-24
SW-2(config-if-range)#shutdown
SW-2(config-if-range)#exit

SW-3(config)#interface range fastEthernet 0/1-24
SW-3(config-if-range)#shutdown
SW-3(config-if-range)#exit

SW-4(config)#interface range fastEthernet 0/1-24
SW-4(config-if-range)#shutdown
SW-4(config-if-range)#exit

SW-1(config)#interface fastEthernet 0/1
SW-1(config-if)#switchport trunk encapsulation dot1q
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#no shutdown
SW-1(config-if)#exit

SW-2(config)#interface range fastEthernet 0/1-2
SW-2(config-if-range)#switchport trunk encapsulation dot1q
SW-2(config-if-range)#switchport mode trunk
SW-2(config-if-range)#no shutdown
SW-2(config-if-range)#exit

SW-3(config)#interface range fastEthernet 0/2-3
SW-3(config-if-range)#switchport trunk encapsulation dot1q
SW-3(config-if-range)#switchport mode trunk
SW-3(config-if-range)#no shutdown
SW-3(config-if-range)#exit

SW-4(config)#interface fastEthernet 0/3
SW-4(config-if)#switchport trunk encapsulation dot1q
SW-4(config-if)#switchport mode trunk
SW-4(config-if)#no shutdown
SW-4(config-if)#exit
SW-4(config)#
SW-4(config)#exit

SW-2(config)#spanning-tree vlan 1 priority 8192
SW-2(config)#exit


FROM SWITCH-1

FROM SWITCH-2
(From the above output you can see that switch-2 is our root bridge.)

FROM SWITCH-3

FROM SWITCH-4


(Now we are going to configure root guard on fa0/2 of our root bridge.)

SW-2(config)#interface fastEthernet 0/2
SW-2(config-if)#spanning-tree guard root
SW-2(config-if)#exit

(Now we are going to configure switch-3 as the root bridge so that it generates a superior BPDU. Check that our legitimate root, switch 2, puts fa0/2 into the root-inconsistent state.)

SW-3(config)#spanning-tree vlan 1 priority 4096
SW-3(config)#exit

SW-2#
%SYS-5-CONFIG_I: Configured from console by console

SW-2#%SPANTREE-2-ROOTGUARDBLOCK: Port 0/2 tried to become non-designated in VLAN 1.
Moved to root-inconsistent state
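
The decision switch 2 makes on fa0/2 can be modelled in a few lines. The sketch below is an added example, not part of the original lab or of any Cisco software: it compares only the root bridge ID (real STP compares the full priority vector), the MAC addresses are constructed, and the class and method names are hypothetical. It shows the same superior BPDU arriving on a guarded and on an unguarded port, then the automatic recovery.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int  # compared first; lower is better
    mac: str       # tie-breaker; fixed-width lowercase hex, lower is better

@dataclass
class Port:
    name: str
    root_guard: bool
    role: str = "designated"
    state: str = "forwarding"

class Switch:
    def __init__(self, bridge_id):
        self.bridge_id = bridge_id
        self.root = bridge_id  # a switch starts out believing it is the root

    def receive_bpdu(self, port, advertised_root):
        """Process a BPDU; only the root bridge ID is compared (simplified)."""
        if advertised_root >= self.root:
            return port.state            # not superior: nothing changes
        if port.root_guard:
            # Superior BPDU on a guarded port: block it, keep the current root.
            port.state = "root-inconsistent"
        else:
            # No guard: accept the new root; this port becomes the root port.
            self.root, port.role = advertised_root, "root"
        return port.state

    def superior_bpdus_stopped(self, port):
        """A guarded port recovers by itself once superior BPDUs stop arriving."""
        if port.state == "root-inconsistent":
            port.state = "forwarding"    # real STP passes listening/learning first
        return port.state

# Constructed MAC addresses; the priorities are the ones configured in this lab.
SW2 = BridgeID(8192, "0000.0000.0002")
SW3 = BridgeID(4096, "0000.0000.0003")

def demo():
    guarded, unguarded = Switch(SW2), Switch(SW2)
    g, u = Port("Fa0/2", root_guard=True), Port("Fa0/2", root_guard=False)
    blocked = guarded.receive_bpdu(g, SW3)
    unguarded.receive_bpdu(u, SW3)
    recovered = guarded.superior_bpdus_stopped(g)
    return blocked, guarded.root, u.role, unguarded.root, recovered

if __name__ == "__main__":
    print(demo())
```

With root guard the switch keeps its own bridge ID as root and only the port is blocked; without it, the priority 4096 switch takes over the root role.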







 


 

