Configuring STP Root Guard

Root guard is a feature available in PVST+ and MST that protects the LAN from an undesired switcl root. This feature can prove useful when integrating two LANs or VLANs and you want to preserve t root switch in one LAN or VLAN from another switch becoming root of the network. It may also be i service provider network for extra security to prevent a customer's network from becoming root ov provider.

Figure 1-25 illustrates where STP root guard would be used in VLAN 5. STP root guard will be appli VLANs on the trunk or interface; for the purposes of this discussion, however, VLAN 5 is covered. Ii the fire switch is the desired root switch and has a priority of 32,768 for VLAN 5. The foreign netwc could also be a customer network, is connected through the dragon switch. The ranger switch has ; 8192 and is root for VLAN 5 in that network. To prevent the ranger switch from becoming root for > interface command spanning-tree guard root was used on the GigabitEthernet 0/1 interface of t switch.

0 0

Post a comment