18-11
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 18 Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features
Root guard enabled on an interface applies to all the VLANs to which the interface belongs. VLANs can
be grouped and mapped to an MST instance.
You can enable this feature by using the spanning-tree guard root interface configuration command.
Caution Misuse of the root-guard feature can cause a loss of connectivity.
Figure 18-9 Root Guard in a Service-Provider Network
Understanding Loop Guard
You can use loop guard to prevent alternate or root ports from becoming designated ports b ecause of a
failure that leads to a unidirectional link. This feature is most effective when it is enabled on the entire
switched network. Loop guard prevents alternate and root ports from becoming designated ports, and
spanning tree does not send BPDUs on root or alternate port s.
You can enable this feature by using the spanning-tree loopguard default global configuration
command.
When the switch is operating in PVST+ or rapid-PVST+ mode, loop gu ard prevents alternate and root
ports from becoming designated ports, and spanning tree does not send BPDUs on root or alternate ports.
When the switch is operating in MST mode, BPDUs are not sent o n nonboundary ports only if the
interface is blocked by loop guard in all MST instances. On a bo undary port, loop guard blocks the
interface in all MST instances.
101232
Desired
root switch
Customer network
Potential
spanning-tree root without
root guard enabled
Enable the root-guard feature
on these interfaces to prevent
switches in the customer
network from becoming
the root switch or being
in the path to the root.
Service-provider network