stp root-protection
Function
The stp root-protection command enables root protection on the current port.
The undo stp root-protection command restores the default setting of root protection.
By default, root protection is disabled on all ports.
Usage Guidelines
Usage Scenario
Owing to incorrect configurations or malicious attacks on the network, a root bridge may receive BPDUs with a higher priority. Consequently, the root bridge can no longer serve as the root bridge, and the network topology changes, triggering a spanning tree recalculation. This recalculation may move traffic from high-speed links to low-speed links, causing traffic congestion.
If root protection is enabled on a designated port, the port role cannot be changed. Once a designated port with root protection enabled receives BPDUs with a higher priority, the port enters the Discarding state and does not forward packets. If the port does not receive any BPDUs with a higher priority before a period (generally two Forward Delay periods) expires, the port automatically enters the Forwarding state.
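The port behaviour described above can be modelled as a small state machine. The following Python model is an added example, not Huawei code; the class and function names, the 15-second Forward Delay, and the sample bridge IDs are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

FORWARD_DELAY = 15  # seconds; assumed value, configurable on real devices

@dataclass
class RootProtectedPort:
    # Root bridge ID this switch currently accepts: (priority, MAC).
    # The lower tuple is the superior ("higher priority") bridge.
    local_root_id: tuple
    forward_delay: int = FORWARD_DELAY
    state: str = "Forwarding"
    last_superior_at: Optional[float] = None

    def receive_bpdu(self, now, root_id):
        """A superior BPDU blocks the port and restarts the recovery period."""
        if root_id < self.local_root_id:
            self.state = "Discarding"
            self.last_superior_at = now
        # local_root_id is never updated: the port role stays designated.
        return self.state

    def tick(self, now):
        """Recover after two Forward Delay periods without a superior BPDU."""
        if (self.state == "Discarding"
                and now - self.last_superior_at >= 2 * self.forward_delay):
            self.state = "Forwarding"
            self.last_superior_at = None
        return self.state

def replay(port, events):
    """Replay (time, root_id) events; root_id None means a timer tick only."""
    timeline = []
    for now, root_id in events:
        if root_id is not None:
            port.receive_bpdu(now, root_id)
        timeline.append((now, port.tick(now)))
    return timeline

# Constructed sample data: bridge IDs and timings are illustrative only.
LOCAL_ROOT = (4096, "00e0-fc00-0001")
SUPERIOR = (0, "00e0-fc00-0abc")
INFERIOR = (32768, "00e0-fc00-0002")
EVENTS = [(0, INFERIOR), (5, SUPERIOR), (20, SUPERIOR),
          (40, None), (50, None), (60, INFERIOR)]

if __name__ == "__main__":
    for t, state in replay(RootProtectedPort(LOCAL_ROOT), EVENTS):
        print(f"t={t:>2}s  {state}")
```

In this replay the second superior BPDU at t=20 restarts the recovery period, so the port stays in the Discarding state until t=50 rather than t=35.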
Precautions
The root protection function takes effect only on a designated port. It is recommended that you configure root protection on a port that functions as the designated port in all instances.
If the stp root-protection command is run on other types of ports, the root protection function does not take effect.
Loop protection and root protection cannot be configured on the same interface simultaneously.