
    Example: Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees on EX Series Switches

    EX Series switches provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Root protection increases the efficiency of STP, RSTP, and MSTP by allowing network administrators to manually enforce the root bridge placement in the network.

    This example describes how to configure root protection on an interface on an EX Series switch:

    Requirements

    This example uses the following hardware and software components:

    • Junos OS Release 9.1 or later for EX Series switches
    • Four EX Series switches in an RSTP topology

    Before you configure the interface for root protection, be sure you have:

    • RSTP operating on the switches.

    Note: By default, RSTP is enabled on all EX Series switches.

    Overview and Topology

    Peer STP applications running on switch interfaces exchange a special type of frame called a bridge protocol data unit (BPDU). Switches communicate interface information using BPDUs to create a loop-free topology that ultimately determines the root bridge and which interfaces block or forward traffic in the spanning tree.

    However, a root port elected through this process can be wrongly elected. A user bridge application running on a PC can generate BPDUs, too, and interfere with root port election.

    To prevent this from happening, enable root protection on interfaces that should not receive superior BPDUs from the root bridge and should not be elected as the root port. These interfaces are typically located on an administrative boundary and are designated ports.

    When root protection is enabled on an interface:

    • The interface is blocked from becoming the root port.
    • Root protection is enabled for all STP instances on that interface.
    • The interface is blocked only for instances for which it receives superior BPDUs. Otherwise, it participates in the spanning-tree topology.

    Caution: An interface can be configured for either root protection or loop protection, but not for both.
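
    The behavior listed above, as an added example that is not Juniper code: a simplified Python model of a no-root-port interface comparing received BPDU priority vectors against its own. The bridge IDs and port ID 128:520 are taken from the output later on this page; the root path costs, Switch 4's bridge ID, the second instance, and the ProtectedPort class are assumptions made for illustration.

```python
# Added illustration: a simplified model of root protection, not Junos code.
# A BPDU is reduced to its priority vector; the lower tuple is superior.

def bridge_id(text):
    """'32768.0019e2503f00' -> (32768, 0x0019e2503f00)."""
    priority, mac = text.split(".")
    return (int(priority), int(mac, 16))

def vector(root, root_path_cost, sender, port_id):
    """Priority vector in STP comparison order."""
    prio, num = port_id.split(":")
    return (bridge_id(root), root_path_cost, bridge_id(sender),
            (int(prio), int(num)))

class ProtectedPort:
    """Designated port configured with no-root-port (hypothetical class)."""

    def __init__(self, name, own_vectors):
        self.name = name
        self.own = own_vectors          # instance -> vector this port advertises
        self.root_inconsistent = set()  # instances currently blocked

    def receive(self, instance, received):
        """Process one BPDU and return the port state for that instance."""
        if received < self.own[instance]:
            # Superior BPDU: block this instance only, never become root port.
            self.root_inconsistent.add(instance)
        else:
            # Model shortcut: a non-superior BPDU stands in for the superior
            # BPDUs having stopped, after which recovery is automatic.
            self.root_inconsistent.discard(instance)
        return self.state(instance)

    def state(self, instance):
        return "BLK" if instance in self.root_inconsistent else "FWD"

# Constructed sample values, except the two bridge IDs and the port ID.
ROOT, SWITCH1 = "16384.00aabbcc0348", "32768.0019e2503f00"
SWITCH4_BEFORE, SWITCH4_AFTER = "32768.0019e2500001", "4096.0019e2500001"

def demo():
    own = vector(ROOT, 20000, SWITCH1, "128:520")
    port = ProtectedPort("ge-0/0/7", {0: own, 1: own})
    inferior = vector(ROOT, 40000, SWITCH4_BEFORE, "128:1")
    superior = vector(SWITCH4_AFTER, 0, SWITCH4_AFTER, "128:1")
    return [port.receive(0, inferior),   # normal operation
            port.receive(0, superior),   # Switch 4 now claims to be root
            port.state(1),               # other instance is unaffected
            port.receive(0, inferior)]   # superior BPDUs stop
```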

    Four EX Series switches are displayed in Figure 1. In this example, they are configured for RSTP and create a loop-free topology. Interface ge-0/0/7 on Switch 1 is a designated port on an administrative boundary. It connects to Switch 4. Switch 3 is the root bridge. Interface ge-0/0/6 on Switch 1 is the root port.

    This example shows how to configure root protection on interface ge-0/0/7 to prevent it from transitioning to become the root port.

    Figure 1: Network Topology for Root Protection


    Table 1 shows the components that will be configured for root protection.

    Table 1: Components of the Topology for Configuring Root Protection on EX Series Switches

    Property    Settings
    Switch 1    Switch 1 is connected to Switch 4 through interface ge-0/0/7.
    Switch 2    Switch 2 is connected to Switch 1 and Switch 3. Interface ge-0/0/4 is the alternate port in the RSTP topology.
    Switch 3    Switch 3 is the root bridge and is connected to Switch 1 and Switch 2.
    Switch 4    Switch 4 is connected to Switch 1. After root protection is configured on interface ge-0/0/7, Switch 4 will send superior BPDUs that will trigger root protection on interface ge-0/0/7.

    A spanning tree topology contains ports that have specific roles:

    • The root port is responsible for forwarding data to the root bridge.
    • The alternate port is a standby port for the root port. When a root port goes down, the alternate port becomes the active root port.
    • The designated port forwards data to the downstream network segment or device.

    This configuration example uses an RSTP topology. However, you also can configure root protection for STP or MSTP topologies at the [edit protocols (mstp | stp)] hierarchy level.

    Configuration

    To configure root protection on an interface:

    CLI Quick Configuration

    To quickly configure root protection on interface ge-0/0/7, copy the following command and paste it into the switch terminal window:

    [edit]
    set protocols rstp interface ge-0/0/7 no-root-port

    Step-by-Step Procedure

    To configure root protection:

    1. Configure interface ge-0/0/7:
      [edit protocols rstp]
      user@switch# set interface ge-0/0/7 no-root-port

    Results

    Check the results of the configuration:

    user@switch> show configuration protocols rstp
    interface ge-0/0/7.0 {
        no-root-port;
    }

    Verification

    To confirm that the configuration is working properly:

    Displaying the Interface State Before Root Protection Is Triggered

    Purpose

    Before root protection is triggered on interface ge-0/0/7, confirm the interface state.

    Action

    Use the operational mode command show spanning-tree interface:

    Spanning tree interface parameters for instance 0
    
    Interface    Port ID    Designated      Designated         Port    State  Role
                             port ID        bridge ID          Cost
    ge-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/5.0     128:518        128:2  16384.00aabbcc0348     20000  BLK    ALT  
    ge-0/0/6.0     128:519        128:1  16384.00aabbcc0348     20000  FWD    ROOT 
    ge-0/0/7.0     128:520      128:520  32768.0019e2503f00     20000  FWD    DESG
    [output truncated]
     

    Meaning

    The output from the operational mode command show spanning-tree interface shows that ge-0/0/7.0 is a designated port in a forwarding state.

    Verifying That Root Protection Is Working on the Interface

    Purpose

    A configuration change takes place on Switch 4. A smaller bridge priority on Switch 4 causes it to send superior BPDUs to interface ge-0/0/7. Receipt of superior BPDUs on interface ge-0/0/7 will trigger root protection. Verify that root protection is operating on interface ge-0/0/7.

    Action

    Use the operational mode command show spanning-tree interface:

    Spanning tree interface parameters for instance 0
    
    Interface    Port ID    Designated      Designated         Port    State  Role
                             port ID        bridge ID          Cost
    ge-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/5.0     128:518        128:2  16384.00aabbcc0348     20000  BLK    ALT  
    ge-0/0/6.0     128:519        128:1  16384.00aabbcc0348     20000  FWD    ROOT 
    ge-0/0/7.0     128:520      128:520  32768.0019e2503f00     20000  BLK    DIS (Root—Incon)
    [output truncated]
     

    Meaning

    The operational mode command show spanning-tree interface shows that interface ge-0/0/7.0 has transitioned to a root inconsistent state. The root inconsistent state makes the interface block and prevents the interface from becoming a candidate for the root port. When the root bridge no longer receives superior STP BPDUs from the interface, the interface will recover and transition back to a forwarding state. Recovery is automatic.
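
    The two verification steps can be automated. The following added example (not part of the Juniper documentation) parses two captures of show spanning-tree interface, reports interfaces that root protection has blocked, and confirms that the root port did not move. The sample rows are copied from the output on this page; the function names are assumptions, and the flag match accepts either a hyphen or a dash in "Root-Incon".

```python
import re

# Added example: parse `show spanning-tree interface` text and flag ports
# that root protection has blocked. Sample rows are copied from the page.
ROW = re.compile(
    r"^\s*(?P<ifname>\S+-\d+/\d+/\d+\.\d+)\s+(?P<port_id>\d+:\d+)\s+"
    r"(?P<desg_port>\d+:\d+)\s+(?P<desg_bridge>\d+\.[0-9a-f]{12})\s+"
    r"(?P<cost>\d+)\s+(?P<state>\S+)\s+(?P<role>\S+)\s*(?:\((?P<flag>[^)]*)\))?")

def parse(text):
    """Return {interface: row dict} for every port row in the output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and "[output truncated]" lines do not match
            rows[m["ifname"]] = m.groupdict()
    return rows

def root_inconsistent(rows):
    """Interfaces carrying the Root-Incon flag (hyphen or dash variants)."""
    return sorted(n for n, r in rows.items()
                  if r["flag"] and re.fullmatch(r"Root\W+Incon", r["flag"]))

def root_ports(rows):
    """Interfaces currently holding the ROOT role."""
    return sorted(n for n, r in rows.items() if r["role"] == "ROOT")

def compare(before, after):
    """Summarise what changed between two captures of the command."""
    b, a = parse(before), parse(after)
    already = root_inconsistent(b)
    return {
        "root_port_moved": root_ports(b) != root_ports(a),
        "newly_blocked": [n for n in root_inconsistent(a) if n not in already],
    }

BEFORE = """\
Interface    Port ID    Designated      Designated         Port    State  Role
ge-0/0/5.0     128:518        128:2  16384.00aabbcc0348     20000  BLK    ALT
ge-0/0/6.0     128:519        128:1  16384.00aabbcc0348     20000  FWD    ROOT
ge-0/0/7.0     128:520      128:520  32768.0019e2503f00     20000  FWD    DESG
"""
# The "after" capture differs only in the ge-0/0/7.0 row, as on the page.
AFTER = BEFORE.replace("FWD    DESG", "BLK    DIS (Root\u2014Incon)")
```

    A non-empty newly_blocked list means a device behind that interface sent superior BPDUs, which is worth investigating even though the topology stayed intact.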

    Published: 2012-12-07