Wired Intelligent Edge

last person joined: 6 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

How to enable root guard on my 2930F stack

This thread has been viewed 3 times

  • 1.  How to enable root guard on my 2930F stack

    Posted Aug 31, 2020 04:32 PM

    Hello to all,
    I've had some loop problems on my network that have caused the entire network to go down. Unfortunately I have many unmanageable switches (HP 1410/1420) on my three floors that have no mechanisms to prevent loops. So I put a few HP v1910 between those switches and my 4 Aruba 2930F VSF stack. A description of the topology would be:

     

                                ALL SERVERS
    ---------------------------------------------------------------------
    |                      4 aruba 2930f ring stack                     |
    ---------------------------------------------------------------------
          |                                |                               |
          |                                |                               |
    HP_v1910              HP_v1910                 HP_v1910
          |                                |                               |
          |                                |                               |
    first floor             second floor                third floor
    switches                switches                  switches

    (around 10)          (around 14)             (around 16) 

     

    The v1910 switches are not connected to each other. They concentrate the unmanaged switches on each of the floors. These v1910 switches have RSTP enabled on all ports. They then connect to the stack via two-port LACP trunks with RSTP enabled as well.
    I have done several tests and I have effectively stopped the excessive broadcast from the unmanageable switches on the v1910 ports.
    However, I was recommended to activate RSTP on the Aruba stack and activate Root Guard.

    Could someone tell me why this would be advisable and how I should configure it?

     

    Best regards,

    Gabriel



  • 2.  RE: How to enable root guard on my 2930F stack
    Best Answer

    EMPLOYEE
    Posted Sep 01, 2020 05:59 AM

    Hi,

     

    It is good idea to implement a layer 2 protection protocol as a backup mechanism to prevent layer 2 loops. You will need to configure your 2930F as the root bridge with lowest priority (all its ports will be forwarding) and protect all its ports towards the 1910 switches. You don't want any 1910 switch to advertise itself as root bridge so on your 2930F switch you configure your downlink ports connected to these switches with root-guard to prevent learning superior BPDU advertisements from these ports.

     

    switch(config)# spanning-tree <interface> root-guard

     I strongly recommend you check this guide https://support.hpe.com/hpesc/public/docDisplay?docId=a00091305en_us page 291 onwards before doing any change.