Administrator Guide

In STP topology 3 (shown in the lower middle), if you have enabled the root guard feature on the STP port on Switch C that connects to

device D, and device D sends a superior BPDU that would trigger the election of device D as the new root bridge, the BPDU is ignored and

the port on Switch C transitions from a forwarding to a root-inconsistent state (shown by the green X icon). As a result, Switch A

becomes the root bridge.

Figure 127. STP Root Guard Prevents Bridging Loops

Configuring Root Guard

Enable STP root guard on a per-port or per-port-channel basis.

Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard:

• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.

• Root guard is supported on a port in any Spanning Tree mode:

• Spanning Tree Protocol (STP)

• Rapid Spanning Tree Protocol (RSTP)

• Multiple Spanning Tree Protocol (MSTP)

• Per-VLAN Spanning Tree Plus (PVST+)

• When enabled on a port, root guard applies to all VLANs configured on the port.

• You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure root guard on a port on

which loop guard is already configured, the following error message displays: • % Error: LoopGuard is configured.

Cannot configure RootGuard.

• When used in an MSTP network, if root guard blocks a boundary port in the CIST, the port is also blocked in all other MST instances.

To enable the root guard on an STP-enabled port or port-channel interface in instance 0, use the following command.

Spanning Tree Protocol (STP)

931