Re: Root Guard on vlan interfaces

mbagnes · ‎05-02-2024

Hi, community,

I have some doubts about the feature Root Guard. My scenario is four VLANs on two distribution switches and some access switches connected to the upper layer. Switch A is the root bridge for VLANs 1 and 2, while Switch B is the root bridge for VLANs 3 and 4.

So, if I enable Root Guard on the physical interface on Switch A, it will cause problems with BPDUs for VLANs 3 and 4, leading to the interface being blocked. The IOS allowed me to configure Root Guard on the VLAN interface, but it didn't work as expected in GNS3 when I tested.

My concern is that I don't know if it`s a bad conf or the image doesn't work properly. Thanks in advance.

MHM Cisco World · ‎05-02-2024

Sorry but I dont see SW-A

MHM

mbagnes · ‎05-07-2024

Sorry, my mistake. Switch A = B-00-SW01, and Switch B = B-00-SW02

MHM Cisco World · ‎05-07-2024

Root guard make issue if you config it in B00SW1/2

You need to config it one layer down in B01-B02-B03 in link connect these SW to access SW.

MHM

MHM Cisco World · ‎05-07-2024

paul driver · ‎05-02-2024

Hello
Really you only would require root guard on interconnect links between 2 differing stp domains, so you can control the root ports between those stp domains, But within a single stp domain , not sure its really required as you would want fail over to happen in the event you lost some links on the root switch(s) and not isolation of those links

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul