Root Guard Configuration
You enable STP root guard on a per-port or per-port-channel basis.
FTOS Behavior: The following conditions apply to a port enabled with STP root guard:
•
Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking
port.
•
Root guard is supported on a port in any Spanning Tree mode:
•
•
•
•
•
When enabled on a port, root guard applies to all VLANs configured on the port.
•
Root guard and loop guard cannot be enabled at the same time on an STP port. For example, if you
configure root guard on a port on which loop guard is already configured, the following error message is
displayed:
% Error: LoopGuard is configured. Cannot configure RootGuard.
•
When used in an MSTP network, if root guard blocks a boundary port in the CIST, the port is also blocked
in all other MST instances.
To enable the root guard on an STP-enabled port or port-channel interface in instance 0, enter the
spanning-tree 0 rootguard
Task
Enable root guard on a port or port-channel interface.
0
:
Enables root guard on an STP-enabled port assigned to
instance 0.
mstp
:
Enables root guard on an MSTP-enabled port.
rstp
:
Enables root guard on an RSTP-enabled port.
pvst
:
Enables root guard on a PVST-enabled port.
To disable STP root guard on a port or port-channel interface, enter the
command in an interface configuration mode.
To verify the STP root guard configuration on a port or port-channel interface, enter the
spanning-tree 0 guard
SNMP Traps for Root Elections and Topology Changes
•
Enable SNMP traps for Spanning Tree state changes using the command
•
Enable SNMP traps for MSTP using the command
Spanning Tree Protocol
(STP)
Rapid Spanning Tree Protocol
Multiple Spanning Tree Protocol
Per-VLAN Spanning Tree Plus
command:
[
interface
interface]
(RSTP)
(MSTP)
(PVST+)
Command Syntax
spanning-tree
0
{
pvst
rootguard
}
command in global configuration mode.
snmp-server enable traps xstp
Command Mode
mstp
rstp
|
|
|
INTERFACE
INTERFACE
PORT-CHANNEL
no spanning-tree 0 rootguard
show
snmp-server enable traps stp
.
Spanning Tree Protocol | 1063
.