Configuring Optional Spanning-Tree Features
Enabling Root Guard
Root guard enabled on an interface applies to all the VLANs to which the interface belongs. Do not
enable the root guard on interfaces to be used by the UplinkFast feature. With UplinkFast, the backup
interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is
also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent
state (blocked) and are prevented from reaching the forwarding state.
You cannot enable both root guard and loop guard at the same time.
Note
You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to enable root guard on an interface. This
procedure is optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
spanning-tree guard root
Step 4
end
Step 5
show running-config
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable root guard, use the no spanning-tree guard interface configuration command.
Enabling Loop Guard
You can use loop guard to prevent alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link. This feature is most effective when it is configured on the entire
switched network. Loop guard operates only on interfaces that are considered point-to-point by the
spanning tree.
You cannot enable both loop guard and root guard at the same time.
Note
You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to enable loop guard. This procedure is optional.
Command
Step 1
show spanning-tree active
or
show spanning-tree mst
Step 2
configure terminal
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-18
Purpose
Enter global configuration mode.
Specify an interface to configure, and enter interface configuration mode.
Enable root guard on the interface.
By default, root guard is disabled on all interfaces.
Return to privileged EXEC mode.
Verify your entries.
Purpose
Verify which interfaces are alternate or root ports.
Enter global configuration mode.
Chapter 1
Configuring Optional Spanning-Tree Features
OL-25303-03