Root Guard feature
The Root Guard feature guards a port or ports against such an occurrence by moving the port into a root inconsistent state based on the receipt of one of these superior BPDUs.
SW3(config)#int range fa0/19 - 24 SW3(config-if-range)#spanning-tree guard root
Verification of the feature is immediate thank to system meggasing. For example:
00:38:23: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthernet0/20.
Now that we have the feature enabled, let us test it and see what happens. Notice I will visit a device that is connected and issue superior BPDUs to the root bridge (SW3):
SW4(config)#spanning-tree vlan 1 priority 0
This triggers a new system message on SW3:
1d19h: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port FastEthernet0/19 on VLAN0001.
We can see that the Root Guard feature has done its job! Now, in the event that you missed that console message, here is an excellent verification command for this feature:
SW3#show spanning-tree inconsistentports Name Interface Inconsistency -------------------- ---------------------- ------------------ VLAN0001 FastEthernet0/19 Root Inconsistent VLAN0001 FastEthernet0/20 Root Inconsistent VLAN0001 FastEthernet0/21 Root Inconsistent
No comments:
Post a Comment