Example console messages, Root guard – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide


53-1003053-01


300 second input rate: 8 bits/sec, 0 packets/sec, 0.00% utilization

300 second output rate: 256 bits/sec, 0 packets/sec, 0.00% utilization

88 packets input, 15256 bytes, 0 no buffer

Received 75 broadcasts, 13 multicasts, 0 unicasts

1 input errors, 0 CRC, 0 frame, 0 ignored

0 runts, 0 giants

4799 packets output, 313268 bytes, 0 underruns

Transmitted 90 broadcasts, 4709

Example console messages

A console message such as the following is generated after a BPDU guard violation occurs on a
system that is running MSTP.

TurboIron(config-if-e10000-23)#MSTP: Received BPDU on BPDU guard enabled Port 23,errdisable Port 23

A console message such as the following is generated after a BPDU guard violation occurs on a
system that is running STP.

TurboIron(config)#STP: Received BPDU on BPDU guard enabled Port 23 (vlan=1), errdisable Port 23

A console message such as the following is generated after a BPDU guard violation occurs on a
system that is running RSTP.

TurboIron(config-vlan-1)#RSTP: Received BPDU on BPDU guard enabled Port 23 (vlan=1),errdisable Port 23
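The following is an added example, not part of the Brocade manual: a Python parser that pulls the protocol, port and VLAN out of the three message formats shown above, tolerating the line wrapping seen in captured console output. The function names and the sample log (the three messages above, a constructed fourth message for port 7 on VLAN 20, and one unrelated line) are assumptions for illustration.

```python
import re
from collections import Counter

# Matches the BPDU guard messages shown above for MSTP, STP and RSTP.
# The "(vlan=N)" field is absent in the MSTP form, so it is optional here.
BPDU_GUARD_RE = re.compile(
    r"\b(?P<proto>MSTP|RSTP|STP): Received BPDU on BPDU guard enabled Port "
    r"(?P<port>[\w/]+) ?(?:\(vlan=(?P<vlan>\d+)\))? ?, ?"
    r"errdisable Port (?P<disabled>[\w/]+)"
)

# Constructed sample: the three messages from this page (the first one wrapped
# as a terminal would wrap it), one constructed message, one unrelated line.
SAMPLE_LOG = """\
TurboIron(config-if-e10000-23)#MSTP: Received BPDU on BPDU guard enabled Port
23,errdisable Port 23
TurboIron(config)#STP: Received BPDU on BPDU guard enabled Port 23 (vlan=1), errdisable Port 23
TurboIron(config-vlan-1)#RSTP: Received BPDU on BPDU guard enabled Port 23 (vlan=1),errdisable Port 23
TurboIron(config)#STP: Received BPDU on BPDU guard enabled Port 7 (vlan=20), errdisable Port 7
300 second input rate: 8 bits/sec, 0 packets/sec, 0.00% utilization
"""


def parse_violations(console_text):
    """Return one dict per BPDU guard violation found in captured console text."""
    # Collapse all whitespace so a message split across lines still matches.
    flat = re.sub(r"\s+", " ", console_text)
    events = []
    for m in BPDU_GUARD_RE.finditer(flat):
        events.append({
            "protocol": m["proto"],
            "port": m["port"],
            "vlan": int(m["vlan"]) if m["vlan"] else None,
            # True when the port put into errdisable is the one that saw the BPDU.
            "errdisabled": m["disabled"] == m["port"],
        })
    return events


def violations_per_port(events):
    """Count violations per port so repeat offenders stand out during triage."""
    return Counter(e["port"] for e in events)


if __name__ == "__main__":
    found = parse_violations(SAMPLE_LOG)
    for event in found:
        print(event)
    print(violations_per_port(found))
```
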

Root guard

Standard STP (802.1D), RSTP (802.1W) and 802.1S do not provide any way for a network
administrator to securely enforce the topology of a switched Layer 2 network. The forwarding
topology of a switched network is calculated based on the root bridge position, along with other
parameters. This means any switch can become the root bridge in a network as long as it has the
lowest bridge ID, and the administrator cannot enforce the position of the root bridge. A better
forwarding topology requires placing the root bridge at a specific predetermined location.
Root guard can be used to predetermine a root bridge location and prevent rogue or unwanted
switches from becoming the root bridge.

When root guard is enabled on a port, it keeps the port in a designated role. If the port receives a
superior STP Bridge Protocol Data Unit (BPDU), root guard puts the port into a ROOT-INCONSISTANT
state and triggers a log message and an SNMP trap. The ROOT-INCONSISTANT state is equivalent to the
BLOCKING state in 802.1D and to the DISCARDING state in 802.1W. No further traffic is forwarded
on this port. This allows the bridge to prevent traffic from being forwarded on ports connected to
rogue or misconfigured STP bridges.

Once the port stops receiving superior BPDUs, root guard automatically sets the port back to
learning, and eventually to a forwarding state through the spanning-tree algorithm.

Configure root guard on all ports where the root bridge should not appear. This establishes a
protective network perimeter around the core bridged network, cutting it off from the user network.
