i have 3 switch connected in triangle fashion, A-B-C-A and i have force switch A to Root bridge by command "root primary" Now i am adding one more switch into network setup, i.e Switch D, i am modifying switch prioriy manualy 2 , in that case all who wil be root bride.
All the switch are in Vlan100.
Please tell me i am stuck up in the middle of reading ..
If you used the 'spanning-tree vlan x root primary' command, then switch A's priority is either 8192 or 24576 now, depending on the switch model (assuming all other switches have the default priority value of 32768).
If you now add switch D with priority 2, then it will become the root bridge because of its lower priority value.
There are 2 ways of defining root-bridge & secondary root-bridge in STP. Either u change the priority values for each vlan or you manually define root & secondary with command.
If you already have Switch A as root with "spanning-tree vlan x root primary", then make your other switch as secondary root with command "spanning-tree vlan y root secondary". Thus no need to play with Priorities. Lot of ppl confuse with higher priority to be a spaning tree root & commit mistakes in production.Thus manual comands will keep u on safer side.
Even when you configure a switch as the primary, there is no absolute guarantee that it will stay the root switch forever.
You as the network administrator should take measures to ensure that.
- if you manually change the priority of another switch to a lower value than the priority of the current root, it will then take over the role of the root.
- another example: if someone connects a switch to your existing network with a lower priority value, again the new switch can take over the role of the root.
To protect your network against STP reconvergence it is recommended to use the spanning-tree rootguard feature on ports where you do not expect BPDUs from a root switch (that is the user access ports).
You can use the "spanning-tree guard root" interface config command for this. It will protect against rogue switches from becoming root in your network.
I agree with Istvan. What is important is what is configured as a root priority on the bridge. Remember that the "spanning-tree root" command is nothing more that a macro that is doing to set a root priority value for you. Even if you put 0 as a root priority (the best value), you could not be sure that this bridge becomes root bridge, because it can still be beaten based on bridge mac-address by another bridge configured with 0 as a priority. STP needs cooperation between the bridges. If you expect that some "hostile" device introduce a lower root priority, as Istvan mention, you should use additional measures to isolate trusted vs non trusted devices (root guard, bpduguard etc...).
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...