Understanding Root Guard - Cisco Catalyst 2950 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2950:
- Configuration manual (710 pages) ,
- Command reference manual (686 pages) ,
- Software configuration manual (674 pages)
Table of Contents
Advertisement
Understanding Optional Spanning-Tree Features
Understanding Root Guard
The Layer 2 network of a service provider (SP) can include many connections to switches that are not
owned by the SP. In such a topology, the spanning tree can reconfigure itself and select a customer switch
as the root switch, as shown in
interfaces that connect to switches outside of your customer's network. If spanning-tree calculations
cause an interface in the customer network to be selected as the root port, root guard then places the
interface in the root-inconsistent (blocked) state to prevent the customer's switch from becoming the root
switch or being in the path to the root.
If a switch outside the network becomes the root switch, the interface is blocked (root-inconsistent state),
and spanning tree selects a new root switch. The customer's switch does not become the root switch and
is not in the path to the root.
If the switch is operating in multiple spanning-tree (MST) mode, root guard forces the port to be a
designated port. If a boundary port is blocked in an internal spanning-tree (IST) instance because of root
guard, the port also is blocked in all MST instances. A boundary port is a port that connects to a LAN,
the designated switch of which is either an 802.1D switch or a switch with a different MST region
configuration.
Root guard enabled on an interface applies to all the VLANs to which the interface belongs. VLANs can
be grouped and mapped to an MST instance.
If your switch is running PVST or MSTP, you can enable this feature by using the spanning-tree guard
root interface configuration command. The MSTP is available only if you have the enhanced software
image installed on your switch.
Misuse of the root-guard feature can cause a loss of connectivity.
Caution
Figure 12-10 Root Guard in a Service-Provider Network
Catalyst 2950 Desktop Switch Software Configuration Guide
12-12
Customer network
Potential
STP root without
root guard enabled
Chapter 12
Figure
12-10. You can avoid this situation by configuring root guard on
Enable the root-guard feature
on these interfaces to prevent
switches in the customer
network from becoming
the root switch or being
in the path to the root.
Configuring Optional Spanning-Tree Features
Service-provider network
Desired
root switch
78-11380-04
Advertisement
Table of Contents
Troubleshooting
