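The Root Guard feature relies on exactly the reason described above: by controlling the role of the port that SW2 uses to connect a newly added switch, it decides whether that switch is allowed to affect the current network. On a port with Root Guard enabled, if the newly connected switch tries to become the root switch, the port does not become a root port. Instead, it enters the inconsistent (blocked) state, which prevents the new switch from seizing the root role and disrupting the network.
Notes:
★ When running MSTP, a port with Root Guard enabled is forced to be a designated port.
★ Root Guard takes effect for whichever VLANs the Root Guard-enabled port belongs to.
★ Root Guard must not be enabled on ports that UplinkFast needs to use.
★ Enable Root Guard on ports where a new switch may be connected.
Configuration: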
SW2(config-if)#spanning-tree guard root
SW2(config-if)#
SW2#sh spanning-tree int e0/0 detail
Port 1 (Ethernet0/0) of VLAN0001 is broken (Root Inconsistent)
Port path cost 100, Port priority 128, Port Identifier 128.1.
Designated root has priority 32769, address aabb.cc00.0200
Designated bridge has priority 32769, address aabb.cc00.0200
Designated port id is 128.1, designated path cost 0
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 0
Link type is shared by default
Root guard is enabled on the port
BPDU: sent 0, received 135
When the switch connected to a Root Guard-enabled port tries to become the root switch, the following message appears:
SW2#
*Mar 18 01:38:21.012: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet0/0 on VLAN0001.
View the ports that have been placed in the inconsistent state:
SW2#show spanning-tree inconsistentports
Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------
VLAN0001             Ethernet0/0              Root Inconsistent
VLAN0010             Ethernet0/0              Root Inconsistent
VLAN0020             Ethernet0/0              Root Inconsistent
Number of inconsistent ports (segments) in the system : 3
SW2#
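An added example (not part of the original page): Python detection logic that replays the %SPANTREE-2-ROOTGUARD_BLOCK syslog message shown above to report which ports are still root-inconsistent and how many times each was blocked. The sample log lines are constructed and the function names are assumptions; the ROOTGUARD_UNBLOCK message is standard IOS output but does not appear on this page.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not captured from a real device). The BLOCK
# lines follow the format shown on this page; ROOTGUARD_UNBLOCK is the IOS
# message logged once superior BPDUs stop arriving, and is not on the page.
SAMPLE_LOG = """\
*Mar 18 01:38:21.012: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet0/0 on VLAN0001.
*Mar 18 01:38:21.020: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet0/0 on VLAN0010.
*Mar 18 01:38:22.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
*Mar 18 01:40:05.118: %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port Ethernet0/0 on VLAN0001.
*Mar 18 01:41:10.500: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet0/2 on VLAN0020.
"""

EVENT_RE = re.compile(
    r"^\*?(?P<ts>.+?): %SPANTREE-2-ROOTGUARD_(?P<action>BLOCK|UNBLOCK): "
    r"Root guard (?:un)?blocking port (?P<port>\S+) on (?P<vlan>\S+?)\.?\s*$"
)


def parse_events(log_text):
    """Yield (timestamp, action, port, vlan) for each Root Guard syslog line."""
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m["ts"], m["action"], m["port"], m["vlan"]


def rootguard_state(log_text):
    """Replay events in order; return ({port: blocked VLANs}, {port: BLOCK count})."""
    blocked = defaultdict(set)   # port -> VLANs currently root-inconsistent
    counts = defaultdict(int)    # port -> number of BLOCK events seen
    for _ts, action, port, vlan in parse_events(log_text):
        if action == "BLOCK":
            blocked[port].add(vlan)
            counts[port] += 1
        else:                    # UNBLOCK: the port recovered for this VLAN
            blocked[port].discard(vlan)
    still = {p: sorted(v) for p, v in blocked.items() if v}
    return still, dict(counts)


if __name__ == "__main__":
    still, counts = rootguard_state(SAMPLE_LOG)
    for port, vlans in still.items():
        print(f"{port}: root-inconsistent on {', '.join(vlans)} ({counts[port]} block events)")
```

The ports reported as still blocked should match what `show spanning-tree inconsistentports` lists on the switch at the same moment.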