27.13.5 Configuring Root guard
When a switch is accidentally connected to a network or a setting is changed, the root bridge might change, causing an unintended topology. Root guards can be set to prevent this kind of unintended topology change.
- Points to note
-
Root guards are set for designated ports. They are applied to all locations connected to switches other than those that are root bridge candidates.
During root guard operation, if PVST+ is running, only ports for corresponding VLANs are set to be blocked. When Multiple Spanning Tree is running, only ports for corresponding instances are set to be blocked, but if the corresponding port is a boundary port, ports for all instances are set to be blocked.
Command examples
-
(config)# interface gigabitethernet 1/0/1
(config-if)# spanning-tree guard root
Sets root guard functionality for port 1/0/1.