If a superior BPDU is received on the port with Root Guard enabled. Root Inconsistentstate is similar to blocking state, in that BPDUs are not sent outbound, but accepted inbound, and all received frames are dropped.
This feature is used to prevent a rogue device from announcing itself as the new root bridge and possibly implementing a layer 2 man-in-the-middle attack.
SW2(config)#int eth2/2
SW2(config-if)#spanning-tree guard root
SW3(config)#spanning-tree vlan 11 root primary
No comments:
Post a Comment