HP 1606 Converged Enhanced Ethernet Command Reference v6.4.0 (53-1001762-01, J - Page 172

9 spanning-tree guard root DRAFT: BROCADE CONFIDENTIAL spanning-tree guard root Synopsis Operands Defaults Command Modes Description Usage Guidelines Note Examples See Also Enables the guard root to restrict which interface is allowed to be the spanning-tree root port or the path-to-the root for the switch. spanning-tree guard root no spanning-tree guard root none Guard root is disabled. Interface configuration mode Use this command to enable the guard root on the interface. Use the no spanning-tree guard root command to disable guard root on the selected interface. The root port provides the best path from the switch to the root switch. Guard root protects the root bridge from malicious attacks and unintentional misconfigurations where a bridge device that is not intended to be the root bridge becomes the root bridge. This causes severe bottlenecks in the datapath. Guard root ensures that the port on which it is enabled is a designated port. If the guard root enabled port receives a superior Bridge Protocol Data Unit (BPDU), it goes to a discarding state. To enable guard root: switch(conf-if-te-0/1)#spanning-tree guard root spanning-tree cost 154 Converged Enhanced Ethernet Command Reference 53-1001762-01