Enabling Root Guard - Cisco Catalyst 3550 series Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Chapter 18
Configuring Optional Spanning-Tree Features
You can use the show interfaces status err-disabled privileged EXEC command to determine which
switch ports are disabled because of an EtherChannel misconfiguration. On the remote device, you can
enter the show etherchannel summary privileged EXEC command to verify the EtherChannel
configuration.
After the configuration is corrected, enter the shutdown and no shutdown interface configuration
commands on the port-channel interfaces that were misconfigured.
Enabling Root Guard
Root guard enabled on an interface applies to all the VLANs to which the interface belongs.
Do not enable the root guard on interfaces to be used by the UplinkFast feature. With UplinkFast, the
backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root
guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the
root-inconsistent state (blocked) and are prevented from reaching the forwarding state.
You cannot enable both root guard and loop guard at the same time.
Note
You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to enable root guard on an interface. This
procedure is optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
spanning-tree guard root
Step 4
end
Step 5
show running-config
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable root guard, use the no spanning-tree guard interface configuration command.
Enabling Loop Guard
You can use loop guard to prevent alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link. This feature is most effective when it is configured on the entire
switched network. Loop guard operates only on ports that are considered point-to-point by the spanning
tree.
You cannot enable both loop guard and root guard at the same time.
Note
You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
78-11194-09
Purpose
Enter global configuration mode.
Enter interface configuration mode, and specify an interface to configure.
Enable root guard on the interface.
By default, root guard is disabled on all interfaces.
Return to privileged EXEC mode.
Verify your entries.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring Optional Spanning-Tree Features
18-21
Advertisement
Table of Contents
Troubleshooting
