Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Page 394
362
Network OS NETCONF Operations Guide
53-1003231-02
Configuring all xSTP on DCB interface ports
24
Enabling the guard root per LAN (PVST and Rapid PVST)
Use this procedure to enable the guard root on the switch for a specific VLAN. For the VLANs which
have been configured explicitly, the per-VLAN configuration takes precedence over the global
configuration.
The guard root feature provides a way to enforce the root bridge placement in the network. With the
guard root enabled on an interface, the switch is able to restrict which interface is allowed to be the
spanning tree root port or the path to the root for the switch. The root port provides the best path
from the switch to the root switch. By default, guard root is disabled.
Guard root protects the root bridge from malicious attacks and unintentional misconfigurations in
which a bridge device that is not intended to be the root bridge becomes the root bridge. Such
attacks can cause severe bottlenecks in the data path. Guard root ensures that the port on which it
is enabled is a designated port. If the guard root-enabled port receives a superior BPDU, it goes to
a discarding state.
The VLAN ID value can be 1 through 3583. VLAN IDs 3584 through 4094 are internally-reserved
VLAN IDs.
To enable the guard root on a DCB interface for a specific VLAN, perform the following steps.
1. Issue the
urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the
3. Under the
a. In the
port-channel number.
b. In the
port.
c. Include the
urn:brocade.com:mgmt:brocade-xstp namespace.
4. Under the
5. Under the
6. Under the
7. Under the
DCB interface.
operation="delete"/>