Per-VLAN Spanning Tree Plus | 843
Configure a Root Guard
Use the Root Guard feature in a Layer 2 PVST+ network to avoid bridging loops.
You enable root guard on a per-port or per-port-channel basis.
To enable a root guard on a PVST-enabled port or port-channel interface, enter the
spanning-tree pvst
rootguard
command. Refer to STP Root Guard on page 1060 for more information on how to use the root
guard feature.
To disable PVST+ root guard on a port or port-channel interface, enter the
no spanning-tree pvst rootguard
command in an interface configuration mode.
To verify the PVST+ root guard configuration on a port or port-channel interface, enter the
show
spanning-tree pvst [vlan vlan-id] guard
command in global configuration mode.
FTOS Behavior: The following conditions apply to a port enabled with root guard:
• Root guard is supported on any PVST-enabled port or port-channel interface except when used as a
stacking port.
• Root guard is supported on a port in any Spanning Tree mode:
• Spanning Tree Protocol (STP)
• Rapid Spanning Tree Protocol (RSTP)
• Multiple Spanning Tree Protocol (MSTP)
• Per-VLAN Spanning Tree Plus (PVST+)
• When enabled on a port, root guard applies to all VLANs configured on the port.
• Root guard and loop guard cannot be enabled at the same time on a PVST+ port. For example, if you
configure loop guard on a port on which root guard is already configured, the following error message is
displayed:
% Error: RootGuard is configured. Cannot configure LoopGuard.
Task Command Syntax Command Mode
Enable root guard on a port or port-channel interface.
spanning-tree pvst rootguard
INTERFACE
INTERFACE
PORT-CHANNEL
To Next Page
Loading...
