154 Converged Enhanced Ethernet Command Reference
53-1001762-01
spanning-tree guard root
9
DRAFT: BROCADE CONFIDENTIAL
spanning-tree guard rootEnables the guard root to restrict which interface is allowed to be the spanning-tree root port or the
path-to-the root for the switch.
Synopsis spanning-tree guard root
no spanning-tree guard root
Operands none
Defaults Guard root is disabled.
Command
Modes
Interface configuration mode
Description Use this command to enable the guard root on the interface. Use the no spanning-tree guard root
command to disable guard root on the selected interface.
Usage
Guidelines
The root port provides the best path from the switch to the root switch.
Note Guard root protects the root bridge from malicious attacks and unintentional misconfigurations
where a bridge device that is not intended to be the root bridge becomes the root bridge. This
causes severe bottlenecks in the datapath. Guard root ensures that the port on which it is enabled
is a designated port. If the guard root enabled port receives a superior Bridge Protocol Data Unit
(BPDU), it goes to a discarding state.
Examples To enable guard root:
switch(conf-if-te-0/1)#spanning-tree guard root
See Also spanning-tree cost