howtonetwork.net

Cisco Certification Training

You are here: Home / spanning-tree guard root

spanning-tree guard root

Command

Spanning-Tree Guard Root

Use

This command will disable any port that a superior BPDU is received on. This is done to ensure a switch will remain root at all times.

Syntax

Switch(config-if)#spanning-tree guard root

Example

switch

In the below example we will configure SW1’s trunk ports to use root guard. First, we will ensure SW1 is root for all possible VLANs

SW1(config)#spanning vlan 1-4094 root primary

 

SW1(config-if)#do sh spanning vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 24586
Address 0012.00cb.6c80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)
Address 0012.00cb.6c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg LRN 19 128.2 P2p
Fa0/4 Desg FWD 19 128.4 P2p
Fa0/5 Desg FWD 19 128.5 P2p
Fa0/8 Desg FWD 19 128.8 P2p
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/10 Desg FWD 19 128.10 P2p
Fa0/19 Desg FWD 19 128.19 P2p

Next we will configure root guard on the trunk ports.

SW1(config)#int ra fa0/19-24
SW1(config-if-range)#spanning guard root
SW1(config-if-range)#
10:02:52: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthernet0/19.
10:02:52: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthernet0/20.
10:02:52: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthernet0/21.
10:02:52: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthernet0/22.
10:02:52: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthernet0/23.
10:02:52: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port FastEthernet0/24.

Now we will configure SW2 to become root for all ports.

SW2(config)#spanning vlan 1-4094 root primary

Notice that SW1 is now blocking the trunk ports.

10:08:26: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port FastEthernet0/23 on VLAN0001.
10:08:28: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port FastEthernet0/21 on VLAN0017.

 

SW1(config)#do show spanning vlan 10

VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 24586
Address 0019.060c.4f80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)
Address 0019.060c.4f80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Fa0/19 Desg BKN*19 128.21 P2p *ROOT_Inc
Fa0/20 Desg BKN*19 128.22 P2p *ROOT_Inc
Fa0/21 Desg BKN*19 128.23 P2p *ROOT_Inc
Fa0/22 Desg BKN*19 128.24 P2p *ROOT_Inc
Fa0/23 Desg BKN*19 128.25 P2p *ROOT_Inc
Fa0/24 Desg BKN*19 128.26 P2p *ROOT_Inc
Get access to over 5 hours of IT webinar videos as well as regular study tips and ideas when you
join our mailing list