Root guard prevents the wrong switch from becoming the spanning tree root. If a root guard port receives a superior BPDU that might cause it to become a root port, the port is put into the “root-inconsistent” state and does not pass traffic. If the port stops receiving these BPDUs, it automatically re-enables itself.
In short, Root Guard is similar to BPDU Guard: the root guard feature prevents a designated port from becoming a root port.
Let's see the configuration:
Topology:
- Configure the topology as per the diagram.
- Configure switch 2 as the root bridge.
- Configure root guard on fa 0/2.
- After configuring root guard, make switch 3 the root bridge to see what happens.
- We want switch 2 to reject the superior BPDU and put that port into the root-inconsistent state.
SW-1(config)#interface range fastEthernet 0/1-24
SW-1(config-if-range)#shutdown
SW-1(config-if-range)#exit
SW-2(config)#interface range fastEthernet 0/1-24
SW-2(config-if-range)#shutdown
SW-2(config-if-range)#exit
SW-3(config)#interface range fastEthernet 0/1-24
SW-3(config-if-range)#shutdown
SW-3(config-if-range)#exit
SW-4(config)#interface range fastEthernet 0/1-24
SW-4(config-if-range)#shutdown
SW-4(config-if-range)#exit
SW-1(config)#interface fastEthernet 0/1
SW-1(config-if)#switchport trunk encapsulation dot1q
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#no shutdown
SW-1(config-if)#exit
SW-2(config)#interface range fastEthernet 0/1-2
SW-2(config-if-range)#switchport trunk encapsulation dot1q
SW-2(config-if-range)#switchport mode trunk
SW-2(config-if-range)#no shutdown
SW-2(config-if-range)#exit
SW-3(config)#interface range fastEthernet 0/2-3
SW-3(config-if-range)#switchport trunk encapsulation dot1q
SW-3(config-if-range)#switchport mode trunk
SW-3(config-if-range)#no shutdown
SW-3(config-if-range)#exit
SW-4(config)#interface fastEthernet 0/3
SW-4(config-if)#switchport trunk encapsulation dot1q
SW-4(config-if)#switchport mode trunk
SW-4(config-if)#no shutdown
SW-4(config-if)#exit
SW-4(config)#
SW-4(config)#exit
SW-2(config)#exit
[Image: output from Switch-1]
[Image: output from Switch-2]
(From the above output you can see that switch-2 is our root bridge.)
[Image: output from Switch-3]
[Image: output from Switch-4]
(Now we configure root guard on fa0/2 of our root bridge.)
SW-2(config)#interface fastEthernet 0/2
SW-2(config-if)#spanning-tree guard root
(Now we configure switch-3 as the root bridge so that it generates superior BPDUs, and check that our legitimate root, switch 2, puts fa0/2 into the root-inconsistent state.)
SW-3(config)#spanning-tree vlan 1 priority 4096
SW-3(config)#exit
SW-2#
%SYS-5-CONFIG_I: Configured from console by console
SW-2#%SPANTREE-2-ROOTGUARDBLOCK: Port 0/2 tried to become non-designated in VLAN 1.
Moved to root-inconsistent state
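The behaviour seen in this lab, including the automatic recovery described at the top, can be modelled in a few lines of Python. This is an added example, not part of the original post; SW-2's priority of 24576, the MAC addresses, and the use of the 20-second STP max age as the recovery timeout are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

MAX_AGE = 20  # seconds; STP default max age, used as the recovery timeout (assumption)

@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int  # compared first, lower wins
    mac: str       # tie-breaker, lower wins (same-format lowercase hex strings)

@dataclass
class RootGuardPort:
    name: str
    known_root: BridgeID                   # root bridge this switch currently accepts
    state: str = "forwarding"
    last_superior: Optional[float] = None  # time the last superior BPDU arrived

    def receive_bpdu(self, advertised_root: BridgeID, now: float) -> str:
        """Process a BPDU that arrives on a port with root guard enabled."""
        if advertised_root < self.known_root:
            # Superior BPDU: without root guard this port would become a root port.
            self.state = "root-inconsistent"
            self.last_superior = now
        return self.state

    def tick(self, now: float) -> str:
        """Re-enable the port once superior BPDUs have stopped for MAX_AGE."""
        if self.state == "root-inconsistent" and now - self.last_superior >= MAX_AGE:
            # Simplified: a real port passes through listening/learning first.
            self.state = "forwarding"
            self.last_superior = None
        return self.state

def run_lab() -> list:
    sw2 = BridgeID(24576, "0001.0001.0002")          # constructed: current root
    sw3_default = BridgeID(32768, "0001.0001.0003")  # constructed: SW-3 before the change
    sw3_lowered = BridgeID(4096, "0001.0001.0003")   # after "priority 4096" on SW-3
    port = RootGuardPort("Fa0/2", known_root=sw2)
    return [
        port.receive_bpdu(sw3_default, now=0),  # inferior BPDU, port unaffected
        port.receive_bpdu(sw3_lowered, now=2),  # superior BPDU, port is blocked
        port.tick(now=10),                      # only 8 s since last superior BPDU
        port.tick(now=22),                      # 20 s of silence, port recovers
    ]

if __name__ == "__main__":
    print(run_lab())
```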