cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
342
Views
0
Helpful
2
Replies

rootguard feature

sarahr202
Level 5
Level 5

Hi every body!

I find in chapter 4 of cisco press book that by default cisco switch detect all the following causes among others and put the port in erridisable state if it finds any:

rootguard,loopguard,bpduguard. etc

Once the port is in errdisable state, we need to enable it manually or we configure aotomatic recovery.

thanks a lot!

Then in same book , in chapter 10, my book says" rootguard feature reanable the port once the superior bpdu stop appearing on the port"

My point is it is only possible automatic recovery is configured by" erridisable recovery cause" command.

Am i correct?

thanks a lot!

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Sarah,

loop guard and root guard are able to recover by themselves see for example this fresh log:

Jan 16 21:47:33: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/1 on VLAN0032.

Jan 16 21:47:34: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/1 on VLAN0019.

Jan 16 21:47:47: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port GigabitEthernet0/1 on VLAN0019.

instead bpdu guard puts the port in errordisable and so it requires manual change or automatically recover time.

one key point is that loop guard and I think also root guard are Vlan specific (see the messages above) and put the ports in spannning tree inconsistent state (again per vlan)

bpdu guard is thought for an access port and its action is port based not vlan based

Hope to help

Giuseppe

View solution in original post

2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Sarah,

loop guard and root guard are able to recover by themselves see for example this fresh log:

Jan 16 21:47:33: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/1 on VLAN0032.

Jan 16 21:47:34: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/1 on VLAN0019.

Jan 16 21:47:47: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port GigabitEthernet0/1 on VLAN0019.

instead bpdu guard puts the port in errordisable and so it requires manual change or automatically recover time.

one key point is that loop guard and I think also root guard are Vlan specific (see the messages above) and put the ports in spannning tree inconsistent state (again per vlan)

bpdu guard is thought for an access port and its action is port based not vlan based

Hope to help

Giuseppe

Thanks a lot!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco