Categories
CCNP Enterprise Core (350-401) Cisco Datalink Layer

Root Guard (Spanning Tree Protocol)

Root Guard is a STP feature that can be enabled on individual ports. When root guard is enabled on an individual port it disable the port (via err-disable) if a switch on that port attempts to signal it is the root bridge to the local switch.

The idea of this protection is to prevent unknown switches from becoming a root switch on the spanning tree protocol topology of the network.

Root guard should be enabled on designated ports on the network where a root bridge is not expected to be connected.

To enable Root Guard, in the interface level configuration type:

spanning-tree guard root

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.