Tony,
You shouldn't be able to type 255 as a value anymore except you have a really old switch. Reason being that the newer platforms place other factors such as extended system ID (vlan capability etc) into spanning-tree calculation. Your values should increase or decrease by 4096 (please check this actual value out from the switch). As Ankur rightly said "root guard" will prevent the overthrow of a root bridge. And your command "spanning-tree vlan 1-1005 priority ? " can make a device a root bridge. To use this command though you must have done your homework by checking the spanning-tree status of your connected devices and know that the value you type will make the device the "root bridge". You can verify with "sho spanning-tree summary" or specify the vlans in question "sho spanning-tree vlan xxx" to know their current root bridge value. A quick and more accurate way will be to use the command "spanning-tree vlan 1-1005 root primary/secondary". The switch will decrement it's v!
alue till it is the root bridge. If going below that 4096 value is what it needs to win it should error out.
As for "bpdu guard", this is used to prevent a port from receiving bpdu traffic and sending it into your switch network which could cause recalculation of spanning-tree. If you've protected your root bridge with "root guard", this shouldn't be a problem. But why take chances. To stop that bpdu message use "spanning-tree bpduguard enable" at the interface level or "spanning-tree bpduguard default" globally. Now this command works alongside spanning-tree portfast which turns off spanning-tree. So be carefull. You might have forgotten that small switch you plugged to get additional ports into your network.
Regards.
Sanda Babatunde B.Sc (Accounting) CCNP, CCVP, CCNA(R,S,V), MCSA, N+, A+.
Sent from my iPhone
On Jul 27, 2010, at 9:38 PM, Ankur Thakkar <ankurrulz_at_gmail.com> wrote:
> Hi Tony,
>
> Root guard is ideally applied on all the ports of a root bridge so that it
> will not allow any superior BPDU's to demote itself.
>
>
> Rgrds
> Ankur
>
> On Sun, Jul 18, 2010 at 2:46 PM, Tony claros <tonyclaros26_at_gmail.com> wrote:
>
>> Hi
>>
>> When to use bpdu guard && Root Guard.
>>
>> Condition needs to be applied on SW 2 that it should not become root for
>> any
>> vlan
>> solution : spanning-tree vlan 1-1005 priority 255 ( is this correct )
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> -------------------------
> "Born with a Noble personality is an accident .
> But dying with a Noble personality is an achievement "
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 28 2010 - 01:36:12 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:14 ART