Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
0
Helpful
1
Replies

STP: Placement of Root Guard

akhran1974
Level 1
Level 1

‎03-16-2008 01:14 PM - edited ‎03-05-2019 09:47 PM

Please help to advise on the ports to configure guard root so that Sw1 can remain as the Root, in the event the priorities of Sw2, Sw3, Sw4 or Sw5 are reduced.

For both examples, please assume all else are equal (priority, link cost, etc).

For Example 1, should I place guard root on

Sw2 F0/3,

Sw3 F0/3,

Sw1 F0/1 and 0/2?

OR

Sw2 F0/2 and F0/3,

Sw3 F0/2 and F0/3?

For Example 2, should I place guard root on

Sw2 F0/3 and F0/4,

Sw3 F0/3 and F0/4,

Sw1 F0/1 and F0/2?

OR

Sw2 F0/2, F0/3, F0/4,

Sw3 F0/2, F0/3, F0/4?

Any other combination is welcomed.

Thanks.

Labels:
Preview file
96 KB
0 Helpful
1 Reply 1

Francois Tallet
Level 7
Level 7

‎03-17-2008 07:47 AM

Nobody can really answer your question without knowing what you are ready to sacrifice;-)

Rootguard is not something that is designed to make sure that bridge X is the root. For instance, if I configure rootguard on all the ports of a particular bridge, I'm sure it's going to be a root bridge. However, it might be entirely disconnected from the network and break connectivity throughout my backbone!

Basically, rootguard is a feature allowing you to enforce a policy. A root port of a given bridge is the port that is connecting the subtree below the bridge to the rest of the network. By configuring rootguard on a port, you prevent it from ever becoming a root port. So the policy I was referring to sounds like: I'd rather lose connectivity to the rest of the network rather than accepting connectivity through this port. That's this policy that is missing in your post.

Typically, you configure rootguard on edge port for instance, because you'd rather lose connectivity to an edge port rather that accepting connectivity through it.

Often, you want to enforce a policy that you don't want to use an access bridge as a backup to your backbone. For example, in your example 1 or 2, you don't want to use the link sw4-sw5 as a backup path should connectivity be lost between sw2-sw3. You'd rather split your network in two rather than doing that. In that case, you would configure rootguard on the downstream ports on sw2-sw3 (f0/3, f0/4).

Regards,

Francois

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card