Thanks for that clarification
Sent from my BlackBerry wireless device from MTN
-----Original Message-----
From: Muzammil Malick <malickmuz_at_gmail.com>
Date: Mon, 21 Jun 2010 16:56:37
To: <tosco12_at_yahoo.co.uk>
Cc: Bob Sinclair<bob_at_bobsinclair.net>; Abiola Jewoola<biola_y2k_at_yahoo.com>; Cisco certification<ccielab_at_groupstudy.com>
Subject: Re: STP ROOT BRIDGE PROBLEM!!!!
Tosco
"Enabling BPDU filtering on an interface is approximately equivalent to
disabling the spanning tree for this interface"
This would disable spanning-tree BPDUs from being sent or received on the
port and would prevent the switches being part of the same
spanning-tree domain. This would be fine if you did not want to run
spanning-tree between the switches but not if the aim is just to prevent
this switch becoming the root bridge.
On 21 June 2010 16:03, <tosco12_at_yahoo.co.uk> wrote:
> What if one uses bpdufilter feature on the interfaces going to the switch
> that we don't want to be the root bridge, would that be a valid solution?
>
>
>
> Sent from my BlackBerry wireless device from MTN
>
> -----Original Message-----
> From: "Bob Sinclair" <bob_at_bobsinclair.net>
> Sender: nobody_at_groupstudy.com
> Date: Mon, 21 Jun 2010 10:07:23
> To: 'Abiola Jewoola'<biola_y2k_at_yahoo.com>; 'Cisco certification'<
> ccielab_at_groupstudy.com>
> Reply-To: "Bob Sinclair" <bob_at_bobsinclair.net>
> Subject: RE: STP ROOT BRIDGE PROBLEM!!!!
>
> Hi Abiola,
>
>
>
> Yes, the root guard feature is to protect your network against a switch
> becoming root that should not become root. Usually you are defending
> against a customer switch, and the feature operates by isolating that
> customer switch from your network.
>
>
>
> But you can protect your root bridge by configuring root guard on your
> non-root bridge that connects to the customer switch; that way you isolate
> just that customer switch. If you could only configure the feature on the
> root bridge then you might end up isolating large parts of your L2 network,
> not just the offending switch.
>
>
>
> As we saw, you can configure it on a non-root switch: I chose to
> demonstrate
> it on a root port just to show that the local switch was NOT the current
> root. As designed, it put the port connected to the root in Root
> Inconsistent state. Here I configure it on a non-root bridge, on a
> non-root
> port, and you see it does not go root inconsistent:
>
>
>
> SW3#sh span
>
>
>
> VLAN0056
>
> Spanning tree enabled protocol ieee
>
> Root ID Priority 32824
>
> Address 0023.05c4.bb00
>
> Cost 19
>
> Port 21 (FastEthernet0/19)
>
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
>
>
> Bridge ID Priority 32824 (priority 32768 sys-id-ext 56)
>
> Address 0023.3307.5680
>
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Aging Time 300
>
>
>
> Interface Role Sts Cost Prio.Nbr Type
>
> ---------------- ---- --- --------- --------
> --------------------------------
>
> Fa0/19 Root FWD 19 128.21 P2p
>
> Fa0/23 Desg FWD 19 128.25 P2p
>
>
>
> SW3#conf t
>
> Enter configuration commands, one per line. End with CNTL/Z.
>
> SW3(config)#int f0/23
>
> SW3(config-if)#spanning-tree guard root
>
> SW3(config-if)#end
>
> SW3#show span
>
>
>
> VLAN0056
>
> Spanning tree enabled protocol ieee
>
> Root ID Priority 32824
>
> Address 0023.05c4.bb00
>
> Cost 19
>
> Port 21 (FastEthernet0/19)
>
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
>
>
> Bridge ID Priority 32824 (priority 32768 sys-id-ext 56)
>
> Address 0023.3307.5680
>
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Aging Time 300
>
>
>
> Interface Role Sts Cost Prio.Nbr Type
>
> ---------------- ---- --- --------- --------
> --------------------------------
>
> Fa0/19 Root FWD 19 128.21 P2p
>
> Fa0/23 Desg FWD 19 128.25 P2p
>
>
>
> SW3#sh span int f0/23 deet
>
> SW3#sh span int f0/23 det
>
> SW3#sh span int f0/23 detail
>
> Port 25 (FastEthernet0/23) of VLAN0056 is forwarding
>
> Port path cost 19, Port priority 128, Port Identifier 128.25.
>
> Designated root has priority 32824, address 0023.05c4.bb00
>
> Designated bridge has priority 32824, address 0023.3307.5680
>
> Designated port id is 128.25, designated path cost 19
>
> Timers: message age 0, forward delay 0, hold 0
>
> Number of transitions to forwarding state: 1
>
> Link type is point-to-point by default
>
> Root guard is enabled on the port
>
> BPDU: sent 382, received 26
>
>
>
> From: Abiola Jewoola [mailto:biola_y2k_at_yahoo.com]
> Sent: Monday, June 21, 2010 9:54 AM
> To: bob_at_bobsinclair.net
> Subject: RE: STP ROOT BRIDGE PROBLEM!!!!
>
>
>
>
> If you configure the root guard on a non root switch the root port goes to
> inconsistent state as shown in your topology.
>
> Reason to the best of my knowledge( please correct me if am wrong!! ) is
> that the root switch will put any root port which has a better bridge id
> into root inconsistent so as to protect itself from being overthrown as the
> root. The guard root is suppose to guard the root switch not the non-root
> switch.
>
> --- On Mon, 6/21/10, Bob Sinclair <bob_at_bobsinclair.net> wrote:
>
>
> From: Bob Sinclair <bob_at_bobsinclair.net>
> Subject: RE: STP ROOT BRIDGE PROBLEM!!!!
> To: "'Abiola Jewoola'" <biola_y2k_at_yahoo.com>, "'Cisco certification'"
> <ccielab_at_groupstudy.com>
> Date: Monday, June 21, 2010, 5:05 AM
>
> Hi Abiola,
>
> Not sure what you are seeing. It seems I can configure root guard on a
> nonroot bridge. Below you see it configured on a root port:
>
> SW4#sh span vlan 20
>
> VLAN0020
> Spanning tree enabled protocol ieee
> Root ID Priority 32788
> Address 0023.05c9.5e80
> Cost 19
> Port 21 (FastEthernet0/19)
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
> Address 0023.3307.7000
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 300
>
> Interface Role Sts Cost Prio.Nbr Type
> ---------------- ---- --- --------- --------
> --------------------------------
> Fa0/10 Desg FWD 19 128.12 P2p
> Fa0/19 Root FWD 19 128.21 P2p <<<<<<<<<<<<<<<<<<<
>
> SW4#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> SW4(config)#int f0/19
> SW4(config-if)#span guard root <<<<<<<<<<<<<<<<<<<<<
> SW4(config-if)#end
> SW4#sh span vlan 20
>
> VLAN0020
> Spanning tree enabled protocol ieee
> Root ID Priority 32788
> Address 0023.3307.7000
> This bridge is the root <<<<<<<<<<<<<<<<<<<< AFTER
> configuration
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
>
> Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
> Address 0023.3307.7000
> Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
> Aging Time 15
>
> Interface Role Sts Cost Prio.Nbr Type
> ---------------- ---- --- --------- --------
> --------------------------------
> Fa0/10 Desg FWD 19 128.12 P2p
> Fa0/19 Desg BKN*19 128.21 P2p *ROOT_Inc
> <<<<<<<<<<<<<<<<<<<<<<<
>
> SW4#
>
>
> HTH,
>
> Bob Sinclair
>
>
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Abiola Jewoola
> > Sent: Monday, June 21, 2010 2:19 AM
> > To: Abdel Bric; Cisco certification; chris
> > Subject: Re: STP ROOT BRIDGE PROBLEM!!!!
> >
> > I thought Root Guard is normally configured on the root bridge. you
> > cant
> > configure it on non root switches
> >
> > --- On Wed, 6/16/10, chris <chrish711_at_gmail.com> wrote:
> >
> > From: chris <chrish711_at_gmail.com>
> > Subject: Re: STP ROOT BRIDGE PROBLEM!!!!
> > To: "Abdel Bric" <ab4ccie_at_gmail.com>, "Cisco certification"
> > <ccielab_at_groupstudy.com>
> > Date: Wednesday, June 16, 2010, 3:03 PM
> >
> > Uplinkfast will indirectly modify the priority. I would use root guard
> > in
> > the other sitches to make sure this one is not elected ...
> >
> > On Wed, Jun 16, 2010 at 5:46 PM, Abdel Bric <ab4ccie_at_gmail.com> wrote:
> >
> > > how about uplinkfast if it is PVST+ mode
> > >
> > > On Wed, Jun 16, 2010 at 2:53 PM, Narbik Kocharians
> > <narbikk_at_gmail.com>wrote:
> > >
> > >> Puting the switches in diefferent MST domains might also be a valid
> > >> solution.
> > >>
> > >> On Wed, Jun 16, 2010 at 11:47 AM, chris <chrish711_at_gmail.com> wrote:
> > >>
> > >> > What if the question says:
> > >> > >
> > >> > > "Make sure sw4 is not elected root bridge without modifying
> > priority"
> > >> > >
> > >> > > Thanks,
> > >> > >
> > >> > > On Wed, Jun 16, 2010 at 1:07 PM, Ryan DeBerry
> > <rdeberry_at_gmail.com
> > >> > >wrote:
> > >> > >
> > >> > >> key phrase - "But i
> > >> > >> should not touch thats bridge priority."
> > >> > >>
> > >> > >> They are giving you the answer.
> > >> > >>
> > >> > >> Change the other bridge's priorities.
> > >> > >>
> > >> > >> On Wed, Jun 16, 2010 at 1:03 PM, HEMANTH RAJ
> > <hemanthrj_at_gmail.com>
> > >> > wrote:
> > >> > >>
> > >> > >> > In STP I dont want to make a bridge as a root bridge for any
> > vlans.
> > >> > But
> > >> > >> i
> > >> > >> > should not touch thats bridge priority.
> > >> > >> > How will i make a bridge not to become a root bridge without
> > >> touching
> > >> > >> their
> > >> > >> > bridge priority???
> > >> > >> >
> > >> > >> > --
> > >> > >> > Problems arise Bcoz we talk,prblms r not solve bcoz we dont
> > talk So
> > >> > gud
> > >> > >> r
> > >> > >> > bad talk to ur affectionate one's freely
> > >> > >> >
> > >> > >> > Urs Friendly,
> > >> > >> > HP HEMANTH RAJ
> > >>
> > >> > >> >
> > >> > >> >
> > >> > >> > Blogs and organic groups at http://www.ccie.net
> > >> > >> >
> > >> > >> >
> > >> >
> > _______________________________________________________________________
> > >> > >> > Subscription information may be found at:
> > >> > >> > http://www.groupstudy.com/list/CCIELab.html
> > >> > >>
> > >> > >>
> > >> > >> Blogs and organic groups at http://www.ccie.net
> > >> > >>
> > >> > >>
> > >>
> > _______________________________________________________________________
> > >> > >> Subscription information may be found at:
> > >> > >> http://www.groupstudy.com/list/CCIELab.html
> > >> >
> > >> >
> > >> > Blogs and organic groups at http://www.ccie.net
> > >> >
> > >> >
> > _______________________________________________________________________
> > >> > Subscription information may be found at:
> > >> > http://www.groupstudy.com/list/CCIELab.html
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >>
> > >>
> > >> --
> > >> Narbik Kocharians
> > >> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> > >> www.MicronicsTraining.com <http://www.micronicstraining.com/>
> > >> Sr. Technical Instructor
> > >> YES! We take Cisco Learning Credits!
> > >> Training And Remote Racks available
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
> > _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> > No virus found in this incoming message.
> > Checked by AVG - www.avg.com
> > Version: 9.0.829 / Virus Database: 271.1.1/2952 - Release Date:
> > 06/20/10 14:36:00
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.829 / Virus Database: 271.1.1/2952 - Release Date: 06/21/10
> 02:36:00
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Jun 21 2010 - 16:04:30 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:37 ART