The stp root-protection command enables root protection on a port.
The undo stp root-protection command restores the default setting.
By default, root protection is disabled on all ports.
Usage Scenario
A root bridge may no longer be the root bridge after receiving Bridge Protocol Data Units (BPDUs) with a higher priority due to incorrect configurations or attacks on the network. Once the network topology is changed, a spanning tree begins to be recalculated, which may cause traffic to be transferred from high-speed links to low-speed links and trigger traffic congestion.
A designated port enabled with the root protection function cannot change its port role. If such a port receives BPDUs with a higher priority, the port enters the Discarding state and does not forward packets. If the port does not receive any BPDUs with a higher priority before a period (generally twice longer than Forward Delay) expires, the port automatically enters the Forwarding state. NOTE: You can run the stp timer forward-delay command to set the Forward Delay period.Precautions
The root protection function takes effect only on a designated port. Configuring the root protection function on a port that functions as the designated port in all instances is recommended.
If the stp root-protection command is run on a non-designated port, the root protection function does not take effect.<HUAWEI> system-view [~HUAWEI] mpls [*HUAWEI-mpls] quit [*HUAWEI] mpls l2vpn [*HUAWEI-l2vpn] quit [*HUAWEI] vsi 1 [*HUAWEI-vsi-1] pwsignal ldp [*HUAWEI-vsi-1-ldp] vsi-id 33 [*HUAWEI-vsi-1-ldp] peer 1.1.1.1 [*HUAWEI-vsi-1-ldp] peer 1.1.1.1 pw pw1 [*HUAWEI-vsi-1-ldp-pw-pw1] quit [*HUAWEI-vsi-1-ldp] pw pw1 [*HUAWEI-vsi-1-ldp-pw-pw1] stp root-protection