Configure a Root Guard
Use the Root Guard feature in a Layer 2 PVST+ network to avoid bridging loops.
You enable root guard on a per-port or per-port-channel basis.
FTOS Behavior: The following conditions apply to a port enabled with root guard:
•
Root guard is supported on any PVST-enabled port or port-channel interface except when used as a
stacking port.
•
Root guard is supported on a port in any Spanning Tree mode:
•
•
•
•
•
When enabled on a port, root guard applies to all VLANs configured on the port.
•
Root guard and loop guard cannot be enabled at the same time on a PVST+ port. For example, if you
configure loop guard on a port on which root guard is already configured, the following error message is
displayed:
% Error: RootGuard is configured. Cannot configure LoopGuard.
To enable a root guard on a PVST-enabled port or port-channel interface, enter the
rootguard
command. Refer to
guard feature.
Task
Enable root guard on a port or port-channel interface.
To disable PVST+ root guard on a port or port-channel interface, enter the
command in an interface configuration mode.
To verify the PVST+ root guard configuration on a port or port-channel interface, enter the
spanning-tree pvst [vlan vlan-id] guard
Spanning Tree Protocol
(STP)
Rapid Spanning Tree Protocol
Multiple Spanning Tree Protocol
Per-VLAN Spanning Tree Plus
STP Root Guard on page 1060
command in global configuration mode.
(RSTP)
(MSTP)
(PVST+)
for more information on how to use the root
Command Syntax
spanning-tree pvst rootguard
spanning-tree pvst
Command Mode
INTERFACE
INTERFACE
PORT-CHANNEL
no spanning-tree pvst rootguard
show
Per-VLAN Spanning Tree Plus | 843