The stp root-protection command enables root protection on the current port.
The undo stp root-protection command restores the default setting of root protection.
By default, root protection is disabled at all ports.
Ethernet interface view, GE interface view, XGE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view, 25GE interface view
Usage Scenario
Owing to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the root bridge can no longer serve as the root bridge, the network topology changes, and a spanning tree recalculation is triggered. This recalculation may move traffic from high-speed links to low-speed links, causing traffic congestion.
If the root protection function is enabled on a designated port, the port role cannot be changed. Once such a port receives BPDUs with a higher priority, it enters the Discarding state and does not forward packets. If the port does not receive any BPDUs with a higher priority before a period (generally two Forward Delay periods) expires, the port automatically enters the Forwarding state.
You can run the stp timer forward-delay command to set the Forward Delay period.
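The behavior described above, as an added Python model that is not device or vendor code: a designated port with and without root protection receives higher-priority BPDUs, and the protected port recovers after two Forward Delay periods of silence. The class and function names, the bridge IDs, and the 15-second Forward Delay are assumptions made for the illustration.

```python
from dataclasses import dataclass

FORWARDING, DISCARDING = "Forwarding", "Discarding"

@dataclass(frozen=True, order=True)
class BridgeId:
    priority: int  # lower numeric value = higher STP priority
    mac: str       # tie-breaker; constructed sample values below

class DesignatedPort:
    """Simplified model of one designated port (hypothetical class)."""

    def __init__(self, root_id, root_protection, forward_delay=15):
        self.root_id = root_id
        self.root_protection = root_protection
        self.forward_delay = forward_delay  # seconds in this model (assumed value)
        self.role, self.state = "Designated", FORWARDING
        self.last_superior = None

    def receive_bpdu(self, now, advertised_root):
        if not advertised_root < self.root_id:
            return self.state               # not a higher-priority BPDU
        if self.root_protection:
            self.state = DISCARDING         # role stays Designated, traffic blocked
            self.last_superior = now        # each superior BPDU restarts the wait
        else:
            self.root_id = advertised_root  # topology change: new root accepted
            self.role = "Root"
        return self.state

    def tick(self, now):
        waiting = self.state == DISCARDING and self.last_superior is not None
        if waiting and now - self.last_superior >= 2 * self.forward_delay:
            self.state, self.last_superior = FORWARDING, None
        return self.state

def simulate(root_protection):
    local_root = BridgeId(4096, "00e0-fc00-0001")  # constructed
    rogue_root = BridgeId(0, "00e0-fc00-00ff")     # constructed, higher priority
    port = DesignatedPort(local_root, root_protection)
    trace = [port.receive_bpdu(5, rogue_root), port.tick(20),
             port.receive_bpdu(25, rogue_root), port.tick(54), port.tick(55)]
    return trace, port.role, port.root_id == local_root

if __name__ == "__main__":
    print("protected:  ", simulate(True))
    print("unprotected:", simulate(False))
```

In the protected run the second higher-priority BPDU at t=25 restarts the wait, so the port stays in Discarding until t=55 rather than t=35.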
Precautions
The root protection function takes effect only on a designated port. In addition, configuring the root protection function on a port that functions as the designated port in all instances is recommended. Generally, root protection is configured on the interfaces of the root bridge.
If the stp root-protection command is run on other types of ports, the root protection function does not take effect.
Loop protection and root protection cannot be configured on the same interface.