Technical data
Table Of Contents
- Contents
- About This Document
- CLI Basics
- In this chapter
- Management tools
- CEE command line interface
- Saving your configuration changes
- CEE CLI RBAC permissions
- Accessing the CEE CLI through the console or Telnet
- Accessing the CEE CLI from the Fabric OS shell
- CEE CLI command modes
- CEE CLI keyboard shortcuts
- Using the do command as a shortcut
- Displaying CEE CLI commands and command syntax
- CEE CLI command completion
- CEE CLI command output modifiers
- CEE Commands
- advertise dcbx-fcoe-app-tlv
- advertise dcbx-fcoe-logical-link-tlv
- advertise dcbx-iscsi-app-tlv
- advertise dcbx-tlv
- advertise dot1-tlv
- advertise dot3-tlv
- advertise optional-tlv
- bridge-priority
- cee
- cee-map
- channel-group
- cisco-interoperability
- clear counters
- clear counters access-list mac
- clear dot1x statistics
- clear dot1x statistics interface
- clear ip igmp group
- clear ip igmp groups
- clear lacp
- clear lacp counters
- clear lldp neighbors
- clear lldp statistics
- clear mac-address-table dynamic
- clear spanning-tree counter
- copy
- debug dot1x packet
- debug ip igmp all
- debug lacp
- debug lldp packet
- debug spanning-tree
- delete
- deny (extended ACLs)
- deny (standard ACLs)
- description (interface)
- description (LLDP)
- dir
- disable
- do
- dot1x authentication
- dot1x enable
- dot1x port-control
- dot1x protocol-version
- dot1x quiet-period
- dot1x reauthenticate interface
- dot1x reauthentication
- dot1x reauthMax
- dot1x timeout re-authperiod
- dot1x timeout server-timeout
- dot1x timeout supp-timeout
- dot1x timeout tx-period
- enable
- end
- erase flash
- error-disable-timeout enable
- error-disable-timeout interval
- exec-timeout
- exit
- fcoe-map
- fcoeport
- fcoe-priority-bits
- fcoe-vlan
- forward-delay
- fos
- hello
- hello-time
- instance
- interface
- interface vlan
- ip igmp last-member-query-interval
- ip igmp query-interval
- ip igmp query-max-response-time
- ip igmp snooping enable (global version)
- ip igmp snooping enable (VLAN version)
- ip igmp snooping fast-leave
- ip igmp snooping mrouter
- ip igmp snooping mrouter-timeout
- ip igmp snooping querier
- ip igmp static-group
- iscsi-priority-bits
- lacp system-priority
- lacp timeout
- line console
- line vty
- lldp dcbx-version
- lldp disable
- lldp fcoe-priority-bits
- lldp iscsi-priority-bits
- lldp profile
- logout
- mac access-group
- mac access-list extended
- mac access-list standard
- mac-address-table
- max-age
- max-hops
- mode
- mtu
- multiplier
- permit (extended ACLs)
- permit (standard ACLs)
- port-channel path-cost
- priority-group-table
- priority-table
- profile
- protocol lldp
- protocol spanning-tree
- pwd
- qos cos
- qos cos-mutation
- qos cos-traffic-class
- qos map cos-mutation
- qos map cos-traffic-class
- qos queue multicast scheduler
- qos queue scheduler
- qos rcv-queue multicast rate-limit
- qos rcv-queue multicast threshold
- qos trust cos
- quit
- region
- rename
- resequence access-list mac
- revision
- rmon alarm
- rmon collection
- rmon event
- seq (extended MAC ACLs)
- seq (standard MAC ACLs)
- show accounting
- show calendar
- show cee maps
- show clock
- show debug ip igmp
- show debug lacp
- show debug lldp
- show debug spanning-tree
- show dot1x
- show dot1x all
- show dot1x diagnostics interface
- show dot1x interface
- show dot1x session-info interface
- show dot1x statistics interface
- show environment
- show file
- show history
- show interface
- show ip igmp groups
- show ip igmp interface
- show ip igmp mrouter
- show ip igmp snooping
- show ip interface
- show lacp counter
- show lacp sys-id
- show line
- show lldp
- show lldp interface
- show lldp neighbors
- show lldp statistics
- show logging
- show mac access-group
- show mac-address-table
- show media
- show media interface
- show media linecard
- show port-channel
- show power supply
- show privilege
- show processes cpu
- show processes memory
- show qos flowcontrol interface
- show qos interface
- show qos maps
- show qos queue interface
- show qos rcv-queue interface
- show qos rcv-queue multicast
- show rmon
- show running-config
- show running-config access-list mac
- show running-config cee-map
- show running-config dot1x
- show running-configuration igmp
- show running-config interface port-channel
- show running-config interface tengigabitethernet
- show running-config interface vlan
- show running-config linecard
- show running-config rmon
- show spanning-tree
- show spanning-tree brief
- show spanning-tree interface
- show spanning-tree mst brief
- show spanning-tree mst detail
- show spanning-tree mst instance
- show spanning-tree mst-config
- show spanning-tree mst interface
- show startup-config
- show statistics access-list interface
- show statistics access-list mac
- show system
- show tech-support
- show users
- show version
- show vlan
- show vlan classifier
- shutdown (interface)
- shutdown (Spanning Tree Protocol)
- spanning-tree autoedge
- spanning-tree cost
- spanning-tree edgeport
- spanning-tree guard root
- spanning-tree hello-time
- spanning-tree instance
- spanning-tree link-type
- spanning-tree portfast
- spanning-tree priority
- spanning-tree restricted-role
- spanning-tree restricted-tcn
- spanning-tree shutdown
- spanning-tree tc-flush-standard
- switchport
- switchport access
- switchport converged
- switchport mode
- switchport trunk
- system-description
- system-name
- terminal length
- terminal monitor
- transmit-holdcount
- undebug
- vlan classifier activate group
- vlan classifier group
- vlan classifier rule
- write erase
- write memory
232 Converged Enhanced Ethernet Command Reference
53-1002508-01
spanning-tree guard root
2
spanning-tree guard root
Enables the guard root to restrict which interface is allowed to be the spanning-tree root port or the
path to the root for the switch.
Synopsis spanning-tree guard root
no spanning-tree guard root
Operands None
Defaults The guard root is disabled.
Command
Modes
Interface configuration mode
Description Use this command to enable the guard root on the interface. Use the no spanning-tree guard root
command to disable the guard root on the selected interface.
Usage
Guidelines
The root port provides the best path from the switch to the root switch.
The guard root protects the root bridge from malicious attacks and unintentional misconfigurations
where a bridge device that is not intended to be the root bridge becomes the root bridge. This
causes severe bottlenecks in the datapath. The guard root ensures that the port on which it is
enabled is a designated port. If the guard root-enabled port receives a superior Bridge Protocol
Data Unit (BPDU), it goes to a discarding state.
Examples To enable the guard root:
switch(conf-if-te-0/1)#spanning-tree guard root
See Also spanning-tree cost