Root Guard (STP Toolkit)
STP prevents loops by electing a root bridge and ensuring that every other switch has only one valid path to reach it.
You shouldn't select the root bridge at random. Some things you should consider include:
- Optimal traffic flow
- Minimize latency
- Minimize congestion
- Stability and reliability
The Problem
Within your own LAN, you can easily control the root bridge by setting its priority to 0.
- But there are cases where you might connect your LAN to other switches outside of your direct control:
- A service provider offering Metro Ethernet service to customers
- Often used to connect sites within a MAN
- Even if you set your root bridge's priority to 0, its role can be taken by another switch that also has priority 0 and a lower MAC address.
The Solution
- Root Guard can be configured to protect your STP topology by preventing your switches from accepting superior BPDUs from switches outside of your control.
- Superior BPDU = a BPDU that is superior in the STP algorithm (e.g. claiming a better root bridge ID).
- If you want to ensure that the root bridge remains in your LAN, configure Root Guard on the ports connected to switches outside of your control.
To enable Root Guard on a port:
SW1(config-if)# spanning-tree guard root
There is no command to enable it by default from global config mode.
If a Root Guard-enabled port receives a superior BPDU, it will enter the Broken (Root inconsistent) state, effectively disabling it.
- The port will not be able to forward data frames and will discard any frames it receives.
To re-enable a port disabled by Root Guard, you must solve the issue that disabled the port:
- The disabled port must stop receiving superior BPDUs.
- Tell the customer to increase the priority value of their switch.
Once the superior BPDUs received age out, the port will automatically be re-enabled.
- A BPDU's Max Age is 20 seconds by default.
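The block/recover cycle described above, as a simplified model added here for illustration (it is not Cisco's implementation and not part of the original note). The class and function names and the MAC addresses are constructed; recovery is modelled exactly as the note states it, with the port returning to forwarding once Max Age has passed since the last superior BPDU.

```python
from dataclasses import dataclass

MAX_AGE = 20  # seconds; default BPDU Max Age given in the note

def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: lower priority wins, then lower MAC."""
    return (priority, int(mac.replace(":", ""), 16))

@dataclass
class RootGuardPort:                 # hypothetical model of one guarded port
    current_root: tuple              # bridge ID of the root we want to keep
    state: str = "FWD"
    last_superior: float = None      # arrival time of the last superior BPDU

    def receive_bpdu(self, claimed_root, now):
        # Superior BPDU = claims a better (lower) root bridge ID than ours.
        if claimed_root < self.current_root:
            self.state = "BKN (ROOT_Inc)"
            self.last_superior = now
        # Inferior BPDUs never change the port state.
        return self.state

    def tick(self, now):
        # Automatic recovery once the superior BPDUs have aged out.
        aged_out = (self.last_superior is not None
                    and now - self.last_superior >= MAX_AGE)
        if aged_out:
            self.state, self.last_superior = "FWD", None
        return self.state

def simulate():
    our_root = bridge_id(0, "00:1a:2b:00:00:10")   # constructed addresses
    customer = bridge_id(0, "00:1a:2b:00:00:01")   # same priority, lower MAC
    port = RootGuardPort(current_root=our_root)
    log = [
        port.receive_bpdu(customer, now=0),    # superior -> port is broken
        port.tick(now=10),                     # still inside Max Age
        port.receive_bpdu(customer, now=12),   # another one restarts the timer
        port.tick(now=25),                     # only 13 s since the last one
    ]
    # Customer raises their priority: their BPDUs are no longer superior.
    customer_fixed = bridge_id(4096, "00:1a:2b:00:00:01")
    log.append(port.receive_bpdu(customer_fixed, now=26))  # stays broken
    log.append(port.tick(now=32))              # 20 s after t=12 -> recovers
    return log

if __name__ == "__main__":
    print(simulate())
```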
To check the Root Guard state of a port:
SW1(config-if)# do show spanning-tree
## if the port is broken
Gi0/1 Desg BKN*4 128.3 P2p *ROOT_Inc
BKN = Broken
ROOT_Inc = Root inconsistent
## if the port is working
Gi0/1 Desg FWD 4 128.3 P2p
Review
Root Guard prevents a port from becoming a root port by disabling it if superior BPDUs are received, thereby enforcing the current root bridge.