From: Bryan Bartik (bbartik@ipexpert.com)
Date: Thu Mar 26 2009 - 14:19:19 ART
Joe, that's what I am saying. I think this is a classic case for root guard.
I mean there are a couple ways to word it. You can say:
"Make sure this port never becomes root port"
"Make sure root switch is never learned on this port"
Maybe there are some other ways...
On Thu, Mar 26, 2009 at 11:17 AM, Joe Astorino <joe_astorino@comcast.net>wrote:
> I don't think we are all on the same page here :) Divin, I understand what
> you are saying, and I understand how root guard works, but I don't
> understand what this has to do with the task at hand (make sure a port on a
> non-root switch never becomes the root port, which is entirely different
> than becoming the root bridge)
>
>
>
> "He not busy being born is busy dying" -- Dylan
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
>
> mQGiBEY2qu8RBAD0E7Ydspmpn9/rRfd614pvDaqj4GKAUeWpc8NNJ3xNU9C5TAKg
> Ta/52f2DvxgPlw6m7W66AJP0HZODw2ameQ9tNMrz3upKRA+ISFaqkJa99UOTdLGC
> W/HtHWZNUJDopBHm3j/TBAAhI0EWvcNIudbHx5zYY4osfDNMaIXYaySwIwCg61Db
> RuST/K0PlSUFK9o6AqTmrcsD/ReQLYK/OEzZBQsPBqMD68ADtdYyIA3VZ7nhWCzc
> YODiBl36XIskcwyVAnU9YXs/Hf96MfI1R2fvYGW8jJ4WHb3wT1JxgiUG4rUbA2L3
> doxNseggGrKC31njFynVuOpdd/TRfsqzV3Yv5MGFPkNG3w/AoiRtwoMZFUtAox3j
> EWbBA/4mYkTKS/Rfgpv7QQHj4ajCHsTL/JNSN8LARwbBomUFdJ+0xdNdr7Ax1zC4
> FEUfP0plRMLMypKPSNYzlIF8dKGwW2I8hUMfQpmIBA4BXBE0/mbv21lU2AzTkvb1
> FssbIzhCkx3mMzESgYIwnnNkJBatTfFqKOxGm//G7s2y1eFPsrQnSm9lIEFzdG9y
> aW5vIDxqb2VfYXN0b3Jpbm9AY29tY2FzdC5uZXQ+iGAEExECACAFAkY2qu8CGwMG
> CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAb4dzwEzSi9chbAKCTz89zl4etDIdD
> Hewo7LNEmfT8uQCgmbneQqTT5VyIEx75nG5KzJh2K2m5Ag0ERjaq7xAIALgM2fwR
> tuhRNrwvkYFXTA5grAnnhGqFXPfLt5YlU86QLdu3Z9WJcAAHck1HMCUxdm0gZyNu
> q5XQnmr76dbWjftQ+mxYAdhZGjjGV1OQyjfyUoLbxyR0jvaLUTFvMmtxFsHpJvEc
> VLscWZUvjPbpcg/BH8EWbDUSCJc70EZMW6TpjyL+1Eq6+n4KB+IWDnn603U3vYFj
> ExVfg2CqTIzC/mxAGQ/lg1ujKBnL/VemGpjZzL8jyYVLhAtASTWnwuaL1Sf2kCYh
> fApP+06YxkQ39BrJmi7Dg6s5zeRu4le57kPLVAGK0ZYRbaq5asAi9Ni5j/ZLdh/b
> F3oUgAOTPQtqbi8AAwUH/1n9jpOXRX7LsfsI5K4gVhHYPUYuy5WuRRxJZ6Y1JbOq
> UfePLg+cutaxE8RAvEY1VZvNTvEt7UYPoA3qR3lb4IzLqJimbbKGhhVdHIOYLGnz
> nxiwfo4S+my9GEYKLb3iHIR1DCfihhDryVlFYGAMCPNh0w2sNSSenP4cZBuD6V1J
> QLitW9aZoURMvtFYU8aO/BlZ7hVlRVNU5juwwAM5t2n2gBeRhMthaAR7OApDypvB
> 1TM+BeSDchieEAFNkX4leSMbFgP3CJmAXMJXKj8MQmsR8gdccUHGplGFI6IzNklm
> L/eWLdhAZsM+LsAo4MpoJzPoQyFIH7wmIPm4b/z7YZmISQQYEQIACQUCRjaq7wIb
> DAAKCRAb4dzwEzSi9XiWAKCdDtdnTW9X/6rHxQL/obNiZsEtEwCgrlmYisNacJyf
> 74k/eLaYWYqu7YI=
> =8HMA
> -----END PGP PUBLIC KEY BLOCK-----
>
> ----- Original Message -----
> From: "Divin Mathew John" <divinjohn@gmail.com>
> Cc: "Bryan Bartik" <bbartik@ipexpert.com>, "oluwaseyi ojo" <
> sameoj@gmail.com>, "ftt" <femi0802@googlemail.com>, ccielab@groupstudy.com
> Sent: Thursday, March 26, 2009 1:14:25 PM GMT -05:00 US/Canada Eastern
> Subject: Re: STP Root port Eligibility
>
> Joe,
>
> Root Guard just makes sure. thatconsider this scenario
>
> Sw1 -----> Sw2 --->sw3
>
> SW1 is the root now u have root guard on the Sw2 port connecting to
> sw3. now even if u add a switch sw4 after sw3 in the topology and even
> if it has a superior BPDU it will not oust SW1 as the root
> Thanking You
>
> Yours Sincerely
>
> Divin Mathew John
> divinjohn@gmail.com
> divin@dide3d.com
> +91 9945430983
> +91 9846697191
> +974 5008916
> PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt
> Sent from: Bangalore KA India.
>
>
> On Thu, Mar 26, 2009 at 10:41 PM, Joe Astorino <joe_astorino@comcast.net>
> wrote:
> > I think I see what you are saying now Bryan -- Are you saying to put root
> > guard on the port that should never become the root port? That way, when
> it
> > hears BPDUs from the root switch, it will shut down the port? Definitely
> > "outside the box" way of using root guard, but I guess that would work!
> >
> > "He not busy being born is busy dying" -- Dylan
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> > Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
> >
> > mQGiBEY2qu8RBAD0E7Ydspmpn9/rRfd614pvDaqj4GKAUeWpc8NNJ3xNU9C5TAKg
> > Ta/52f2DvxgPlw6m7W66AJP0HZODw2ameQ9tNMrz3upKRA+ISFaqkJa99UOTdLGC
> > W/HtHWZNUJDopBHm3j/TBAAhI0EWvcNIudbHx5zYY4osfDNMaIXYaySwIwCg61Db
> > RuST/K0PlSUFK9o6AqTmrcsD/ReQLYK/OEzZBQsPBqMD68ADtdYyIA3VZ7nhWCzc
> > YODiBl36XIskcwyVAnU9YXs/Hf96MfI1R2fvYGW8jJ4WHb3wT1JxgiUG4rUbA2L3
> > doxNseggGrKC31njFynVuOpdd/TRfsqzV3Yv5MGFPkNG3w/AoiRtwoMZFUtAox3j
> > EWbBA/4mYkTKS/Rfgpv7QQHj4ajCHsTL/JNSN8LARwbBomUFdJ+0xdNdr7Ax1zC4
> > FEUfP0plRMLMypKPSNYzlIF8dKGwW2I8hUMfQpmIBA4BXBE0/mbv21lU2AzTkvb1
> > FssbIzhCkx3mMzESgYIwnnNkJBatTfFqKOxGm//G7s2y1eFPsrQnSm9lIEFzdG9y
> > aW5vIDxqb2VfYXN0b3Jpbm9AY29tY2FzdC5uZXQ+iGAEExECACAFAkY2qu8CGwMG
> > CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAb4dzwEzSi9chbAKCTz89zl4etDIdD
> > Hewo7LNEmfT8uQCgmbneQqTT5VyIEx75nG5KzJh2K2m5Ag0ERjaq7xAIALgM2fwR
> > tuhRNrwvkYFXTA5grAnnhGqFXPfLt5YlU86QLdu3Z9WJcAAHck1HMCUxdm0gZyNu
> > q5XQnmr76dbWjftQ+mxYAdhZGjjGV1OQyjfyUoLbxyR0jvaLUTFvMmtxFsHpJvEc
> > VLscWZUvjPbpcg/BH8EWbDUSCJc70EZMW6TpjyL+1Eq6+n4KB+IWDnn603U3vYFj
> > ExVfg2CqTIzC/mxAGQ/lg1ujKBnL/VemGpjZzL8jyYVLhAtASTWnwuaL1Sf2kCYh
> > fApP+06YxkQ39BrJmi7Dg6s5zeRu4le57kPLVAGK0ZYRbaq5asAi9Ni5j/ZLdh/b
> > F3oUgAOTPQtqbi8AAwUH/1n9jpOXRX7LsfsI5K4gVhHYPUYuy5WuRRxJZ6Y1JbOq
> > UfePLg+cutaxE8RAvEY1VZvNTvEt7UYPoA3qR3lb4IzLqJimbbKGhhVdHIOYLGnz
> > nxiwfo4S+my9GEYKLb3iHIR1DCfihhDryVlFYGAMCPNh0w2sNSSenP4cZBuD6V1J
> > QLitW9aZoURMvtFYU8aO/BlZ7hVlRVNU5juwwAM5t2n2gBeRhMthaAR7OApDypvB
> > 1TM+BeSDchieEAFNkX4leSMbFgP3CJmAXMJXKj8MQmsR8gdccUHGplGFI6IzNklm
> > L/eWLdhAZsM+LsAo4MpoJzPoQyFIH7wmIPm4b/z7YZmISQQYEQIACQUCRjaq7wIb
> > DAAKCRAb4dzwEzSi9XiWAKCdDtdnTW9X/6rHxQL/obNiZsEtEwCgrlmYisNacJyf
> > 74k/eLaYWYqu7YI=
> > =8HMA
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > ----- Original Message -----
> > From: "Bryan Bartik" <bbartik@ipexpert.com>
> > To: "Divin Mathew John" <divinjohn@gmail.com>
> > Cc: "oluwaseyi ojo" <sameoj@gmail.com>, "ftt" <femi0802@googlemail.com>,
> > ccielab@groupstudy.com
> > Sent: Thursday, March 26, 2009 1:00:14 PM GMT -05:00 US/Canada Eastern
> > Subject: Re: STP Root port Eligibility
> >
> > The task says that the port should never be "root port"...A port becomes
> > root port when it hears superior BPDUs. How can you block these?
> >
> > You are not preventing the downstream ports from using this switch as
> root.
> >
> > On Thu, Mar 26, 2009 at 10:54 AM, Divin Mathew John
> > <divinjohn@gmail.com>wrote:
> >
> >> Root guard allows the device to participate in STP as long as the
> >> device does not try to become the root. If root guard blocks the port,
> >> subsequent recovery is automatic. Recovery occurs as soon as the
> >> offending device ceases to send superior BPDUs.
> >>
> >>
> >>
> http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml#diff
> >>
> >> Exactly...normal STP will function but.! a New root cannot takeover
> >> sending BPDU's from that port.! thats all
> >> Thanking You
> >>
> >> Yours Sincerely
> >>
> >> Divin Mathew John
> >> divinjohn@gmail.com
> >> divin@dide3d.com
> >> +91 9945430983
> >> +91 9846697191
> >> +974 5008916
> >> PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt
> >>
> >>
> >>
> >> On Thu, Mar 26, 2009 at 10:21 PM, Bryan Bartik <bbartik@ipexpert.com>
> >> wrote:
> >> > rt. Even with root guard enabled on one port, other ports can be root
> po
> >>
> >
> >
> >
> > --
> > Bryan Bartik
> > CCIE #23707, CCNP
> > Sr. Support Engineer - IPexpert, Inc.
> > URL: http://www.IPexpert.com
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Bryan Bartik CCIE #23707, CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.comBlogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:07 ART