The set protocols spanning-tree pvst interface root-guard command is used to enable or disable root guard function for Rapid-PVST+.
set protocols spanning-tree pvst interface <interface-name> root-guard <true | false>
Specifies a port name. The value is a string that can be set to a physical port name or a LAG port.
root-guard <true | false>
Enables or disables root guard function for Rapid-PVST+. The value could be true or false.
By default, root guard function is disabled.
If a port is enabled with the root guard function, its port role on all instances can only be the designated port. Once the port that is enabled with root guard receives BPDUs with a higher priority, the port enters the Discarding state and does not forward packets. If the port does not receive any BPDUs with a higher priority for a long time, the port automatically returns to the Forwarding state.
- Enable root guard function for Rapid-PVST+ mode on port ge-1/1/1.