Spanning-Tree Root Guard
Amy L.
configuration. All closet switches have a connection to each core.
Once core is set to be the primary root, and the second 4506 is set to
be the secondary root.
I was looking at the following command "spanning-tree guard root".
It seems that I would place this on all my ports on the root that
connect to the closet switches. My understanding if it received a
more favorable BPDU on that port on the core switch it would shut that
link down preventing a STP topology change.
Couple of questions based on this?
1.) How often is this command really used?
2.) Is this more of a safety feature?
3.) Would this command just be placed on the Root switch? Would I
leave this off of the Second 4506 which is configured as a sucessor to
the root switch in case of failure?
Amy.
Steve Blair
Amy:
root guard prevents a rogue spanning tree device
from advertising that it should be the root bridge.
Basically a way to stop spanning tree as you've
constructed it from being compromised by an outside
device. This command will not stop all BPDUs. There
is another command to tell your switches to ignore
all BPDUs on a link but I forget what it is.
-Steve