Wired Intelligent Edge (Campus Switching and Routing)

 View Only
last person joined: one year ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of HPE Aruba Networking switching devices, and find ways to improve security across your network.
Back to Library

How Does Spanning-Tree Root-Guard Operate? 

Apr 30, 2020 04:00 PM

Q:

How does Spanning-Tree Root-Guard operate?



A:

The spanning-tree root-guard configuration sets ports to ignore superior BPDUs to prevent it from becoming root port.

In the following example, switches Rack2sw1 and Rack2sw2 are configured for spanning-tree protocol. Switch Rack2sw1 is configured with the spanning-tree priority of two and Rack2sw2 is configured with the spanning-tree priority of eight. Switch Rack2sw1 will become the spanning-tree root being it has a lower priority. Interface 24 on switch Rack2sw1 is configured for root-guard.

Testing is accomplished by changing the spanning-tree priority on switch Rack2sw2 to zero. Interface 24 on switch Rack2sw1 changes state to inconsistent and a blocked port by spanning-tree message is logged


********** Switch Rack2sw1 Configuration **********


Rack2sw1# show config | begin spanning-tree

spanning-tree
spanning-tree priority 2


Rack2sw1# show config interface 24

interface 24
   untagged vlan 12
   spanning-tree root-guard


********** Switch Rack2sw2 Configuration **********


Rack2sw2# show running-config | include spanning-tree

spanning-tree priority 8


********** Switch Verification **********


Rack2sw1# show spanning-tree | include CST

  CST Root MAC Address : 941882-a36540 <==== Same Root Addresses
  CST Root Priority    : 8192
  CST Root Path Cost   : 0
  CST Root Port        : This switch is root


Rack2sw2# show spanning-tree | include CST

  CST Root MAC Address : 941882-a36540 <==== Same Root Addresses
  CST Root Priority    : 8192
  CST Root Path Cost   : 20000
  CST Root Port        : 24


********** Testing **********


Rack2sw2(config)# spanning-tree priority 0

 
********** Testing Verification **********
 

Rack4sw1# show spanning-tree inconsistent-ports

 Instance ID Blocked Port Reason
 ----------- ------------ -------------------------
 CST         24           Root Guard
 CST         A1
 CST         A2
 CST         B1
 CST         B2


Rack2sw1# show logging -r
 Keys:   W=Warning   I=Information
         M=Major     D=Debug E=Error
----  Reverse event Log listing: Events Since Boot  ----
I 01/01/90 00:44:44 00435 ports: port 24 is Blocked by STP


Rack2sw1# show spanning-tree | include CST

  CST Root MAC Address : 941882-a36540 <==== Different Root Addresses
  CST Root Priority    : 8192
  CST Root Path Cost   : 0
  CST Root Port        : This switch is root

 

Rack2sw2# show spanning-tree | include CST

  CST Root MAC Address : 941882-a48880 <==== Different Root Addresses
  CST Root Priority    : 0
  CST Root Path Cost   : 0
  CST Root Port        : This switch is root

Statistics
0 Favorited
8 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.