OL-11615-01
STP Root Guard
STP Root Guard is a feature available on Catalyst 6500 and 4500 Series switches running Catalyst OS
and Cisco IOS software that enforces the placement of the root bridge. It is enabled on selected
ports to prevent surrounding switches from becoming the root switch. The root guard feature forces
a port to become a designated port so that no switch on the other end of the link can become a root
switch. If a port configured for root guard receives a superior BPDU, the port immediately goes into
a root-inconsistent (blocked) state. In this way, STP root guard blocks other devices that try to
become the root bridge by sending superior BPDUs.
In a typical environment, you can identify ports that will never connect to a root bridge, for
example, ports connecting to workstations or servers. STP root guard should be enabled on such
ports to ensure that a root bridge will never be negotiated on those ports.
Note: Do not enable loop guard and root guard on a port at the same time. Root guard forces a port to always
be designated as the root port. Loop guard is effective only if the port is a root port or an alternate port.
To enable STP Root Guard on a port of a system running Catalyst OS, use the set spantree guard root
command.
Console> (enable) set spantree guard {none | root | loop} mod/port
This example shows how to enable STP Root Guard:
Console> (enable) set spantree guard root 5/1
Rootguard on port 5/1 is enabled.
Warning!! Enabling rootguard may result in a topolopy change.
Console> (enable)
For more information on the set spantree guard root command on the Catalyst 6500, refer to the
following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/setsn_su.htm#wp1199243
For more information on the set spantree guard root command on the Catalyst 4500, refer to the
following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/8_3/command/set_q_s.htm#wp1046977
To enable STP Root Guard on an interface of a system running Cisco IOS, use the spanning-tree guard
root command. You must first enable PortFast on the port.
Switch(config)# interface type slot/port
Switch(config-if)# spanning-tree guard {loop | root | none}
This example shows how to enable STP Root Guard on an interface:
Switch(config)# interface GigabitEthernet2/1
Switch(config-if)# spanning-tree guard root
For more information on the spanning-tree guard root command on the Catalyst 6500, refer to the
following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/s1.htm#wp1031770
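The following audit script is an added example, not part of the original Cisco document. It checks a Cisco IOS running-config for the two conditions described above: workstation or server ports without root guard, and root guard configured without PortFast. The sample configuration is constructed, and treating "switchport mode access" as the marker of a workstation or server port is an assumption.

```python
import re

# Constructed sample of an IOS running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface GigabitEthernet2/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet2/3
 switchport mode access
 spanning-tree guard root
!
interface GigabitEthernet2/4
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_root_guard(config):
    """Return sorted (interface, finding) pairs for root guard gaps."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        access = "switchport mode access" in cmds  # assumption: marks an edge port
        root_guard = "spanning-tree guard root" in cmds
        portfast = any(c.startswith("spanning-tree portfast") and not c.endswith("disable") for c in cmds)
        if access and not root_guard:
            findings.append((name, "edge port without root guard"))
        if root_guard and not portfast:
            findings.append((name, "root guard without PortFast"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_root_guard(SAMPLE_CONFIG), sep="\n")
```

Trunk and uplink ports are deliberately not flagged, because root guard belongs only on ports that will never lead to the root bridge.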