root guard on cisco switch

sarahr202
Level 5

Hi everybody

Please consider the following from my book:

"By default, a Catalyst switch detects an error condition on every switch port for every possible cause. If an error condition is detected, the switch port is put into the errdisable state and is disabled. You can tune this behavior on a global basis so that only certain causes trigger any port being disabled. Use the following command in global configuration mode, where the no keyword is added to disable the specified cause:

Switch(config)# [no] errdisable detect cause [all | cause-name]

One of the following triggers the errdisable state:

■ all—Detects every possible cause

■ arp-inspection—Detects errors with dynamic ARP inspection

■ bpduguard—Detects when a spanning-tree bridge protocol data unit (BPDU) is received on a port configured for STP PortFast

■ channel-misconfig—Detects an error with an EtherChannel bundle

■ dhcp-rate-limit—Detects an error with DHCP snooping

■ dtp-flap—Detects when trunking encapsulation is changing from one type to ano

■ rootguard—Detects when an STP BPDU is received from the root bridge on an unexpected port"

According to this book, a rootguard-enabled port will be put in the errdisable state if it receives a superior BPDU.

However, that same book says "rootguard automatically allows the port to be moved through STP states as soon as the superior BPDUs no longer are received."

So what exactly happens once a rootguard-enabled port receives a superior BPDU? Is it put in the 'errdisable' state? Do we enable that port using the shutdown / no shutdown commands, or does such a port go through the STP states once it ceases to receive superior BPDUs?

Thanks and have a great weekend.


Accepted Solutions

acampbell
VIP Alumni

Hi,

When the rootguard port receives superior BPDUs it blocks the port and an alert like this is presented:

%SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77. Moved to root-inconsistent state

The port will remain blocked (for VLAN 77 in this case) until it stops receiving the superior BPDUs, at which point it will automatically go through the STP states and return to normal.

This old link is an excellent reference

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

Regards,
Alex.
Please rate useful posts.
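
The block-then-automatic-recovery behaviour described in the answer above can be followed from switch logs. This is an added example, not part of the original post and not Cisco code: it tracks which port/VLAN pairs are currently root-inconsistent and which ones have been blocked repeatedly. The log lines are constructed, and the ROOTGUARDUNBLOCK message format and the `threshold` parameter are assumptions; only the ROOTGUARDBLOCK format comes from the post.

```python
import re

# BLOCK is the message format quoted in the answer. The UNBLOCK format is an
# assumption about the matching recovery message; adjust it to your platform.
BLOCK = re.compile(r"%SPANTREE-2-ROOTGUARDBLOCK: Port (\S+) tried to become "
                   r"non-designated in VLAN (\d+)")
UNBLOCK = re.compile(r"%SPANTREE-2-ROOTGUARDUNBLOCK: Port (\S+) restored "
                     r"in VLAN (\d+)")


def track_root_guard(lines):
    """Return (blocked, history).

    blocked: set of (port, vlan) still root-inconsistent after the last line.
    history: ordered list of (port, vlan, event) for every root guard message.
    """
    blocked, history = set(), []
    for line in lines:
        for pattern, event in ((BLOCK, "root-inconsistent"), (UNBLOCK, "restored")):
            m = pattern.search(line)
            if not m:
                continue
            key = (m.group(1), int(m.group(2)))
            # Root guard state is per port and per VLAN, so key on both.
            if event == "restored":
                blocked.discard(key)
            else:
                blocked.add(key)
            history.append((*key, event))
    return blocked, history


def flapping(history, threshold=2):
    """Port/VLAN pairs blocked at least `threshold` times (hypothetical cutoff)."""
    counts = {}
    for port, vlan, event in history:
        if event == "root-inconsistent":
            counts[(port, vlan)] = counts.get((port, vlan), 0) + 1
    return {key for key, n in counts.items() if n >= threshold}


# Constructed sample log lines (timestamps and the unrelated line are made up).
SAMPLE_LOG = [
    "2024 Jan 10 09:00:01 %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77. Moved to root-inconsistent state",
    "2024 Jan 10 09:00:05 %PAGP-5-PORTTOSTP: Port 1/2 joined bridge port 1/2",
    "2024 Jan 10 09:00:40 %SPANTREE-2-ROOTGUARDUNBLOCK: Port 1/1 restored in VLAN 77",
    "2024 Jan 10 09:05:12 %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77. Moved to root-inconsistent state",
    "2024 Jan 10 09:06:30 %SPANTREE-2-ROOTGUARDBLOCK: Port 2/3 tried to become non-designated in VLAN 10. Moved to root-inconsistent state",
]

if __name__ == "__main__":
    still_blocked, events = track_root_guard(SAMPLE_LOG)
    print("currently root-inconsistent:", sorted(still_blocked))
    print("blocked repeatedly:", sorted(flapping(events)))
```

A port that keeps reappearing in the repeated-block set is still receiving superior BPDUs from whatever is attached to it, which is the thing to trace.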
