Spanning-tree guard root – Brocade Network OS Command Reference v4.1.0 User Manual


Network OS Command Reference

53-1003115-01


spanning-tree guard root

Enables the guard root to restrict which interface is allowed to be the spanning-tree root port or the
path-to-the-root for the switch.

Synopsis

spanning-tree guard root [vlan vlan_id]

no spanning-tree guard root

Operands

vlan vlan_id

Specifies a VLAN. Refer to the Usage Guidelines.

Defaults

Guard root is disabled.

Command Modes

Interface subtype configuration mode

Description

Use this command to enable the guard root on the interface.

Guard root protects the root bridge from malicious attacks and unintentional misconfigurations
in which a bridge device that is not intended to be the root bridge becomes the root bridge,
which causes severe bottlenecks in the data path. Guard root ensures that the port on which it is
enabled is a designated port. If the guard root-enabled port receives a superior Bridge Protocol
Data Unit (BPDU), it goes to a discarding state.

If the VLAN parameter is not provided, the guard root functionality is applied globally for all
per-VLAN instances. For VLANs that have been configured explicitly, however, the
per-VLAN configuration takes precedence over the global configuration.

Usage Guidelines

The root port provides the best path from the switch to the root switch.

If xSTP is enabled over VCS, this command must be executed on all RBridge nodes.

Enter no spanning-tree guard root to disable guard root on the selected interface.

On the Brocade VDX family of switches, VLANs are treated as interfaces from a configuration point
of view. By default, all the DCB ports are assigned to VLAN 1 (VLAN ID equals 1). Valid VLAN IDs
are as follows:

On Brocade VDX 8770 switches: 1 through 4086 for 802.1Q VLANs (VLAN IDs 4087
through 4095 are reserved on these switches), and 4096 through 8191 for service or
transport VFs in a Virtual Fabrics context.

On all other Brocade VDX switches: 1 through 3962 for 802.1Q VLANs (VLAN IDs 3963
through 4095 are reserved on these switches), and 4096 through 8191 for service or
transport VFs in a Virtual Fabrics context.

Examples

To enable guard root:

switch(config)# interface tengigabitethernet 0/1

switch(conf-if-te-0/1)# spanning-tree guard root
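
The following Python model is an added illustration, not part of the Brocade manual or of Network OS. It shows the behavior described under Description: a superior BPDU arriving on a guard root port puts that per-VLAN instance into the discarding state, and an explicit per-VLAN setting takes precedence over the interface-wide one. The names Bpdu, Port and on_bpdu, the state labels other than "discarding", and all sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True, order=True)
class Bpdu:
    # Standard spanning-tree priority vector; field order matters because
    # a lower tuple is the "superior" BPDU.
    root_priority: int
    root_mac: int
    path_cost: int
    sender_priority: int
    sender_mac: int
    port_id: int

@dataclass
class Port:
    name: str
    guard_root: bool = False  # "spanning-tree guard root" with no vlan operand
    # Explicit per-VLAN settings, e.g. "spanning-tree guard root vlan 20".
    # Modelling these as a vlan -> bool map is an assumption of this example.
    guard_root_vlan: dict = field(default_factory=dict)

    def guard_enabled(self, vlan: int) -> bool:
        # Per-VLAN configuration takes precedence over the global setting.
        return self.guard_root_vlan.get(vlan, self.guard_root)

def on_bpdu(port: Port, vlan: int, own: Bpdu, received: Bpdu) -> str:
    """Resulting state of one per-VLAN instance after a BPDU is received."""
    if received >= own:
        return "designated"        # inferior or equal BPDU: role unchanged
    if port.guard_enabled(vlan):
        return "discarding"        # superior BPDU on a guard root port
    return "root-or-alternate"     # unguarded: sender can become the path to root

def demo() -> dict:
    # Constructed values: this switch is the intended root (priority 4096);
    # a misconfigured or hostile bridge advertises priority 0.
    own = Bpdu(4096, 0x0000AA000001, 0, 4096, 0x0000AA000001, 0x8001)
    unexpected = Bpdu(0, 0x0000BB000002, 0, 0, 0x0000BB000002, 0x8001)
    # Guard root enabled only for VLAN 20 on this interface.
    port = Port("te0/1", guard_root=False, guard_root_vlan={20: True})
    return {vlan: on_bpdu(port, vlan, own, unexpected) for vlan in (10, 20)}

if __name__ == "__main__":
    for vlan, state in demo().items():
        print(f"VLAN {vlan}: {state}")
```
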
