I have a question about the design guide on LAN with the root guard.
In my example, I have 2 Core switches: Core A and Core B. Core A is root bridge for VLANs 1 to 10 and Core B is root bridge for VLANs 11 to 20.
I have only one distribution switch which is connected to the 2 Core switches.
In the design guide it's written that we have to configure Root Guard on each interface where the root bridge should not appear. In my case my 2 Core switches are root bridges for different VLANs and I use PVST. So, where must I configure Root Guard on the network?
Thank you in advance.
The concern is that if someone were to plug another switch into your distribution switch, and that switch was configured with a lower priority, it could become the root.
As the previous posters stated, this feature is intended for connectivity providers. Let's say you were in the data center biz, and folks brought their servers into your data center, and paid to connect to your distribution switch. You wouldn't want those people sending you BPDUs, so you'd turn on root guard on the ports where your customers plug in. I used to work for a company that provided data center connectivity, and even though we told our customers they could only plug servers into the ports we provided for them, we'd at times catch them plugging switches and routers into the ports, then building their own little infrastructure off the one port we provided. If one of their switches had a lower bridge priority than ours they could potentially take over as root, which would be BAD! That's what root guard is supposed to prevent.
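The scenario from this thread as a small model, added here as an illustration and not posted by anyone in the thread: one distribution switch with uplinks to Core A (root for VLANs 1 to 10) and Core B (root for VLANs 11 to 20), and a switch with a lower priority plugged into a customer port. The priorities, MAC addresses and port names are constructed, and the model ignores path cost, timers and port recovery.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bpdu:
    vlan: int
    root_id: tuple  # (priority, MAC) of the root the sender advertises; lowest wins

class DistributionSwitch:
    def __init__(self, own_id, root_guard_ports=()):
        self.own_id = own_id
        self.root_guard_ports = set(root_guard_ports)
        self.root = {}             # vlan -> root ID currently accepted
        self.inconsistent = set()  # (port, vlan) held in root-inconsistent state

    def receive(self, port, bpdu):
        current = self.root.get(bpdu.vlan, self.own_id)
        if bpdu.root_id >= current:
            return                 # not superior: nothing changes
        if port in self.root_guard_ports:
            # Root guard: a superior BPDU on this port is refused and the
            # port stops forwarding for that VLAN instead of becoming root port.
            self.inconsistent.add((port, bpdu.vlan))
            return
        self.root[bpdu.vlan] = bpdu.root_id

# Constructed sample values (not from the thread): priorities, MACs, port names.
CORE_A = (4096, "00:00:00:00:00:0a")
CORE_B = (4096, "00:00:00:00:00:0b")
ROGUE = (0, "00:00:00:00:00:ff")

def simulate(root_guard_ports):
    sw = DistributionSwitch((32768, "00:00:00:00:00:d1"), root_guard_ports)
    for vlan in range(1, 21):
        root = CORE_A if vlan <= 10 else CORE_B   # VLAN split from the question
        sw.receive("uplink-core-a", Bpdu(vlan, root))
        sw.receive("uplink-core-b", Bpdu(vlan, root))
    for vlan in (5, 15):                          # switch plugged into a customer port
        sw.receive("customer-port", Bpdu(vlan, ROGUE))
    return sw

if __name__ == "__main__":
    for ports in ((), ("customer-port",)):
        sw = simulate(ports)
        print(ports, sw.root[5], sw.root[15], sorted(sw.inconsistent))
```

In this model, enabling the guard on the two uplinks would refuse the cores' own BPDUs for every VLAN, which is why it belongs only on ports where no root bridge should appear.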