Read the book CCNP Enterprise Certification Study Guide: Implementing and Operating Cisco Enterprise Network Core Technologies - Ben Piper, David Higby Clinton - Page 80
Root Guard
Root Guard is a Spanning Tree extension that prevents another switch from becoming root. This can happen if someone adds a new switch with a lower bridge priority. You configure Root Guard on a per-interface basis. If the switch receives a superior BPDU on the port, it will place the port into a Root Inconsistent state and stop forwarding traffic to or from that port. Enable Root Guard by executing the interface command spanning-tree guard root on any ports that you do not want to become root ports.
For an example of how Root Guard works, refer to Figure 2.5 from our discussion on RSTP. SW3 is the current root. To prevent SW2 from becoming the root, we can configure Root Guard on the following ports:
SW1: Gi0/0, Gi0/1
SW4: Gi1/0, Gi1/1
Let's configure Root Guard on SW1:
SW1(config)#int range gi0/0-1
! Enable root guard on the interfaces
SW1(config-if-range)#spanning-tree guard root
! Enable Spanning Tree events debugging
SW1(config-if)#do debug spanning-tree events
And on SW4:
SW4(config)#int range gi1/0-1
! Enable root guard on the interfaces
SW4(config-if-range)#spanning-tree guard root
SW4(config-if-range)#
*Sep 13 21:40:28.908: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port GigabitEthernet1/0.
*Sep 13 21:40:28.921: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port GigabitEthernet1/1.do
SW4(config-if-range)#do debug spanning-tree events
Spanning Tree event debugging is on
SW3 is the current root. Let's attempt to make SW2 the root:
SW2(config)#spanning-tree vlan 1 priority 0
SW1 marks its ports facing SW2—Gi0/0 and Gi0/1—as Root Inconsistent:
SW1(config-if)#
*Sep 13 21:46:17.848: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet0/0 on VLAN0001.
SW1(config-if)#do show spanning-tree inconsistentports
Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------
VLAN0001             GigabitEthernet0/0       Root Inconsistent
VLAN0001             GigabitEthernet0/1       Root Inconsistent
Number of inconsistent ports (segments) in the system : 2
Likewise, SW4 blocks its SW2-facing ports, placing them into a Broken (BKN) status:
SW4(config-if-range)#do show spanning-tree inconsistentports
Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------
VLAN0001             GigabitEthernet1/0       Root Inconsistent
VLAN0001             GigabitEthernet1/1       Root Inconsistent
Number of inconsistent ports (segments) in the system : 2
SW4(config-if-range)#do show span vl 1 | i Gi1/0|Gi1/1
Gi1/0               Desg BKN*4         128.5    P2p *ROOT_Inc
Gi1/1               Desg BKN*4         128.6    P2p *ROOT_Inc
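For monitoring, the console output above can be checked automatically. The following is an added example, not code from the book: it parses the ROOTGUARD_BLOCK syslog message and the show spanning-tree inconsistentports table from SW1's output and cross-checks them, which shows that Gi0/1 is blocked even though no block message for it appears in the capture. The names root_guard_report and SW1_OUTPUT are hypothetical.

```python
import re

# Sample input: SW1's console output transcribed from this page.
SW1_OUTPUT = """\
*Sep 13 21:46:17.848: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet0/0 on VLAN0001.
SW1(config-if)#do show spanning-tree inconsistentports
Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------
VLAN0001             GigabitEthernet0/0       Root Inconsistent
VLAN0001             GigabitEthernet0/1       Root Inconsistent
Number of inconsistent ports (segments) in the system : 2
"""

# Syslog line emitted when a superior BPDU arrives on a Root Guard port.
BLOCK_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+): %SPANTREE-2-ROOTGUARD_BLOCK: "
    r"Root guard blocking port (?P<port>\S+) on (?P<vlan>\S+?)\.?$")
# Table row; only Root Inconsistent rows are of interest here.
ROW_RE = re.compile(r"^(?P<vlan>VLAN\d+)\s+(?P<port>\S+)\s+Root Inconsistent\s*$")
# Summary line at the bottom of the table.
COUNT_RE = re.compile(
    r"^Number of inconsistent ports \(segments\) in the system\s*:\s*(\d+)")


def root_guard_report(text):
    """Return (findings, reported_total) for one switch's captured output.

    Each finding is a Root Inconsistent port from the table, annotated with
    the timestamp of its ROOTGUARD_BLOCK message, or None if none was seen.
    """
    logged, rows, total = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := BLOCK_RE.match(line):
            logged[(m["vlan"], m["port"])] = m["ts"]
        elif m := ROW_RE.match(line):
            rows.append((m["vlan"], m["port"]))
        elif m := COUNT_RE.match(line):
            total = int(m[1])
    findings = [{"vlan": v, "port": p, "block_logged_at": logged.get((v, p))}
                for v, p in rows]
    return findings, total


if __name__ == "__main__":
    findings, total = root_guard_report(SW1_OUTPUT)
    for f in findings:
        print(f["vlan"], f["port"], f["block_logged_at"] or "no block message captured")
    print("table total:", total)
```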