14-2
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 14 Configuring STP Features
Overview of Root Guard
Overview of Root Guard
Spanning Tree root guard forces an interface to become a designated port, to protect the current root
status and prevent surrounding switches from becoming the root switch.
When you enable root guard on a per-port basis, it is automatically applied to all of the active VLANs
to which that port belongs. When you disable root guard, it is disabled for the specified port and the port
automatically goes into the listening state.
When a switch that has ports with root guard enabled detects a new root, the ports will go into
root-inconsistent state. Then, when the switch no longer detects a new root, its ports will automatically
go into the listening state.
Enabling Root Guard
To enable root guard on a Layer 2 access port (to force it to become a designated port), perform this task:
This example shows how to enable root guard on Fast Ethernet interface 5/8:
Switch(config)# interface fastethernet 5/8
Switch(config-if)# spanning-tree guard root
Switch(config-if)# end
Switch#
This example shows how to verify the configuration:
Switch# show running-config interface fastethernet 5/8
Building configuration...
Current configuration: 67 bytes
!
interface FastEthernet5/8
switchport mode access
spanning-tree guard root
end
Switch#
This example shows how to determine whether any ports are in root inconsistent state:
Switch# show spanning-tree inconsistentports
Name Interface Inconsistency
-------------------- ---------------------- ------------------
VLAN0001 FastEthernet3/1 Port Type Inconsistent
VLAN0001 FastEthernet3/2 Port Type Inconsistent
VLAN1002 FastEthernet3/1 Port Type Inconsistent
Command Purpose
Step 1
Switch(config)# interface {{fastethernet |
gigabitethernet | tengigabitethernet}
slot
/
port
}
Specifies an interface to configure.
Step 2
Switch(config-if)# [no] spanning-tree guard root
Enables root guard.
You can use the no keyword to disable Root Guard.
Step 3
Switch(config-if)# end
Exits configuration mode.
Step 4
Switch# show spanning-tree
Verifies the configuration.
