Understanding Root Guard
When you enable Root Guard on a port, Root Guard does not allow that port to become a root port. If a
received BPDU triggers an STP convergence that makes that designated port become a root port, that port is
put into a root-inconsistent (blocked) state. After the port stops sending superior BPDUs, the port is unblocked
again. Through STP, the port moves to the forwarding state. Recovery is automatic.
Root Guard enabled on an interface applies this functionality to all VLANs to which that interface belongs.
You can use Root Guard to enforce the root bridge placement in the network. Root Guard ensures that the
port on which Root Guard is enabled is the designated port. Normally, root bridge ports are all designated
ports, unless two or more of the ports of the root bridge are connected. If the bridge receives superior BPDUs
on a Root Guard-enabled port, the bridge moves this port to a root-inconsistent STP state. In this way, Root
Guard enforces the position of the root bridge.
You cannot configure Root Guard globally.
You can enable Root Guard on all spanning tree port types: normal, edge, and network ports.
Note
Configuring STP Extensions
STP Extensions Configuration Guidelines
When configuring STP extensions, follow these guidelines:
•
Configure all access and trunk ports connected to hosts as edge ports.
•
Bridge Assurance runs only on point-to-point spanning tree network ports. You must configure each
side of the link for this feature.
•
Loop Guard does not run on spanning tree edge ports.
•
Enabling Loop Guard on ports that are not connected to a point-to-point link will not work.
•
You cannot enable Loop Guard if Root Guard is enabled.
Configuring Spanning Tree Port Types Globally
The spanning tree port type designation depends on the type of device the port is connected to, as follows:
•
Edge
—
Edge ports are connected to hosts and can be either an access port or a trunk port.
•
Network
—
Network ports are connected only to switches or bridges.
•
Normal
—
Normal ports are neither edge ports nor network ports; they are normal spanning tree ports.
These ports can be connected to any type of device.
You can configure the port type either globally or per interface. By default, the spanning tree port type is
normal.
Cisco Nexus 6000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x
97
Configuring STP Extensions
Configuring STP Extensions