Of course you were right; I drew the conclusions from your valuable contribution. By numbers I meant your and Syed's numbers :)
On Tue, Nov 15, 2011 at 11:58 PM, Pedram Zadeh <[email protected]> wrote:

> My comments were right as also "Numbers" stated. If the requirements are
> exactly as you mentioned in details, then using root guard on R3---R1 and
> R4----R2 is the correct answer.
> If the question is what Amit just asked without those details:
>
> >>hi guys,
>
> >>Yes, all I want is R5 to be the root and there is no notion of secondary root bridges..
> >>So now with the below diagram kindly let me know on what interfaces should root guard be enabled?
>
> >>     R5
> >>   |    |
> >>  |      |
> >>|          |
> >>R3---------R4
> >>|          |
> >>|          |
> >>R1---------R2
>
> then the answer is that root guard is not recommended to be used on redundant
> links.
>
> Pedram.
> On Tue, Nov 15, 2011 at 11:49 PM, Oluwagbenga Oyebande <[email protected]> wrote:
>
>> Numbers speak louder than words. Thanks for the enlightenment.
>>
>> The numbers say we can use root guard on R1-R3 and R2-R4 to meet
>> requirement of R5 as root bridge. Very good.
>>
>> Amit,
>>
>> This answer is given because you (being our proctor for now) may have
>> given them the impression that:
>> 1. you do not want a secondary root bridge
>> 2. you do not want the normal redundancy of spanning tree to function in
>> any way that will compromise R5's status as root port.
>>
>> *Amit* please confirm that these are your requirements.
>>
>> Recovery from root-inconsistent state caused by root guard is automatic
>> after superior BPDU stops, so you don't have to bother about that.
>>
>> Amit, let me try to answer your other question.
>>
>> "What should go wrong if I have this command on Root Switch."
>>
>> R1--------R3-__
>> |         |    __ __ R5      R3 and R4 is connected to R5
>> |         |  _
>> R2--------R4-
>> I want R5 to be the root Bridge.
>>
>> If this command is on the root switch and your requirements are as above
>> then it will simply protect only the root switch from submitting
>> root privileges to a rogue switch.
>> In such a situation it would disable
>> its link to R3 and R4 if any of these switches (which may have multiple
>> admins) believes it is the root, because a better bridge ID is suddenly
>> configured on it. The disabled link can be limited to the offending switch
>> (either R3 or R4) if you also "*enable root guard on R3 and R4 trunk ports
>> facing the non root switches...*" as Micheal Davis suggested.
>>
>> So for full protection of R5's root status without any regard to
>> redundancy you could have root guard configuration on:
>> 1. On the root switch's (R5) ports connected to R3 and R4 (this is not very
>> common, but is warranted by your requirements)
>> 2. On R3's ports connected to R4 and R1
>> 3. On R4's ports connected to R3 and R2
>> 4. On R1 & R2's non-root ports
>>
>> If you put root guard on your root switch (as in number 1), this will be
>> the consequence:
>>
>> Switch R5 blocks the port that connects to Switch R3 or R4, after the
>> switch receives a superior BPDU. Root guard puts the port in the
>> root-inconsistent STP state. No traffic passes through the port in this
>> state. After device R3 or R4 ceases to send superior BPDUs, the port is
>> unblocked again. Via STP, the port goes from the listening state to the
>> learning state, and eventually transitions to the forwarding state.
>> Recovery is automatic; no human intervention is necessary.
>>
>> This message appears after root guard blocks a port:
>>
>> %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77.
>> Moved to root-inconsistent state
>>
>> Reference:
>>
>> http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml
>>
>> If it is a lab then it's fine. If it is a live network, be warned.
>>
>> --
>> Olugbenga Oyebande
>> MD, DAIT
>> 234-803-302-5287
>> http://www.dait-ng.com
>> Cisco Unified Network, VPN
>> DAIT Enterprise Network Servers
>> Broadband Internet Deployment & ISP Consultancy
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com

--
Olugbenga Oyebande
MD, DAIT
234-803-302-5287
http://www.dait-ng.com
Cisco Unified Network, VPN
DAIT Enterprise Network Servers
Broadband Internet Deployment & ISP Consultancy
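
Added example (not part of the original thread, and not Cisco's implementation): a simplified Python model of one root-guard port, showing the block on a superior BPDU and the automatic recovery through listening and learning that the quoted message describes. The class and function names, the bridge IDs, and the use of the 802.1D default timers (max age 20 s as the recovery timeout, forward delay 15 s) are assumptions of the model.

```python
# Added example: simplified model of one root-guard port (names, timers, IDs are assumptions).
from dataclasses import dataclass
from typing import Optional

MAX_AGE = 20        # s, 802.1D default; modelled here as the recovery timeout
FORWARD_DELAY = 15  # s, 802.1D default per listening/learning stage

def is_superior(bpdu_root, current_root):
    """Bridge IDs are (priority, MAC) tuples; the numerically lower one wins."""
    return bpdu_root < current_root

@dataclass
class RootGuardPort:
    current_root: tuple                    # bridge ID accepted as root (R5)
    state: str = "forwarding"
    last_superior: Optional[float] = None  # time of the last superior BPDU
    unblocked_at: Optional[float] = None   # time recovery started

    def receive_bpdu(self, bpdu_root, now):
        """A superior BPDU does not win the election; it blocks the port."""
        if is_superior(bpdu_root, self.current_root):
            self.state = "root-inconsistent"
            self.last_superior, self.unblocked_at = now, None
        return self.state

    def tick(self, now):
        """Automatic recovery once superior BPDUs have stopped arriving."""
        if self.state == "root-inconsistent":
            if now - self.last_superior >= MAX_AGE:
                self.state, self.unblocked_at = "listening", now
        elif self.unblocked_at is not None:
            elapsed = now - self.unblocked_at
            if elapsed >= 2 * FORWARD_DELAY:
                self.state, self.unblocked_at = "forwarding", None
            elif elapsed >= FORWARD_DELAY:
                self.state = "learning"
        return self.state

def demo():
    """Constructed scenario: R3 is given priority 0 and claims the root role."""
    r5 = (4096, "00:00:00:00:00:05")
    port = RootGuardPort(current_root=r5)  # R5's port facing R3
    trace = [port.receive_bpdu((32768, "00:00:00:00:00:03"), 0)]  # inferior
    trace += [port.receive_bpdu((0, "00:00:00:00:00:03"), t) for t in (2, 4, 6)]
    trace += [port.tick(t) for t in (10, 26, 41, 56)]  # last superior at t=6
    return trace

if __name__ == "__main__":
    print(demo())
```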
