Priority 0 is still no guarantee in the real world. You could always have a switch with a lower MAC address also configured for priority 0. Or it need not even have a lower MAC if it is a switch where the MAC address conservation feature "system extend-id" can be disabled (resulting in the VLAN ID not being included as part of the priority value, thus winning over a switch that does have MAC address conservation enabled).
Also, root guard does not err-disable the port, it puts it into "Root Inconsistent" state, which is effectively a blocking state. I mention this because it hasn't technically stopped the rogue root from becoming the "best" switch on the network, you've just stopped any other switch from hearing about it. Hopefully. :-) STP -- the endless election. Best, Bob McCouch CCIE #38296 HerdingPackets.net On Sun, Jul 20, 2014 at 1:49 PM, Donald Robb <[email protected]> wrote: > Yup in the CCIE there really isn’t any reason not to use priority 0 if the > lab wants a certain switch to be root. > > > > Cheers, > > Donald Robb > > Productive Networks / Network Consultant > > CCIE Written, CCIP, CCSP, CCDP, CCNP: R&S/Security, CCNA: DC/Voice, JNCIP, > SCP, MCSA 2012, VCA-DCV, CCA: XenApp 6, Security+, CCSE.R65, PACE > > > > From: L. Jankok [mailto:[email protected]] > Sent: July 20, 2014 1:16 AM > To: Donald Robb; 'Ahmed Haji Munye'; 'CC IE' > Subject: Re: [OSL | CCIE_RS] Any definition why I can lower priority on > Cat 3 all though I configured root guard on CA1? > > > > Exactly, that is why I only said priority 0 :) > > Op Sat, 19 Jul 2014 15:14:19 -0600 > > Donald Robb <[email protected] <mailto:[email protected]> > > schreef: > > : Actually the job of root guard is to errdisable any links that receives a > > : superior BPDU in order to protect the root. > > : Just a friendly reminder that it could lead to traffic loss or silo'd > > : switches in the real world :) > > : > > : Cheers, > > : Donald Robb > > : Productive Networks / Network Consultant > > : > > : CCIE Written, CCIP, CCSP, CCDP, CCNP: R&S/Security, CCNA: DC/Voice, > JNCIP, > > : SCP, MCSA 2012, VCA-DCV, CCA: XenApp 6, Security+, CCSE.R65, PACE > > : > > : -----Original Message----- > > :From: [email protected] <mailto: > [email protected]> > > : [mailto:[email protected]] On Behalf Of Ahmed Haji > Munye > > : Sent: July 17, 2014 3:31 PM > > : To: CC IE > > : Subject: [OSL | CCIE_RS] Any definition why I can lower priority on Cat 3 > > : all though I configured root guard on CA1? > > : > > : > > : > > : > > : Hi > > : > > : I am using the Proctor lab Switches and they are all 3560, and I can > still > > : lower priority on cat 3 when I configured root guard on Cat 1. > > : > > : The job of the root guard is to prevent any other switches from becoming > > : root bridge. > > : > > : Any definition why I can lower priority on Cat 3 all though I configured > > : root guard on CA1? > > : > > : Regards > > : Ahmed > > : __________________________________________ _____ > > :Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > : > > : iPexpert on YouTube: www.youtube.com/ipexpertinc < > http://www.youtube.com/ipexpertinc> > > : _______________________________________________ > > :Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > : > > : iPexpert on YouTube: www.youtube.com/ipexpertinc < > http://www.youtube.com/ipexpertinc> > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
