Root Guard

stheriault99 · ‎02-26-2008

Hi,

I have a Catalyst 6513 acting has my root bridge. All my access switches are trunk in an etherchannel back to my Catalyst 6513. I need to add a switch to my Catalyst 6513 with an etherchannel trunk. Now to make sure that my new switch does not become the new root bridge, I want to enable the â€œspanning-tree guard rootâ€ command. Do I enable this command on my Catalyst 6513 ports or on my new switch uplink ports?

Is there any other precaution that I should take to make sure that my new switch dos not become my root bridge?

mohammedmahmoud · ‎02-26-2008

Hi,

Root Guard Prevents a switch connected through this port from being elected as the spanning-tree root bridge, thus you need to configure it on your 6513 port connected to the new switch.

The only constrain is that you can't enable the root guard on interfaces simultaneously with UplinkFast feature (which i think wouldn't be an issue in your case). With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and are prevented from reaching the forwarding state.

[edit] You should of course have increased the priority on the new switch to be higher than any other configured priority - i mean controlling the root bridge election in the first place - in your topology i think it might be easier to use "root primary" command on your 6513.

BR,

Mohammed Mahmoud.