Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

udld and root guard

I want to implement these two features on our network and I have a couple

of questions before I do so.

1-Can udld be configured w/no interruption to the network? Will conifguring

this have any impact on the link at the time it's configured?

2-We have a hub/spoke/star network. Does root guard get configured on the

'spokes' or at the core?

3-Will configring root guard have an impact on the network when the command is entered on the switch?


New Member

Re: udld and root guard


All changes due configurations of spanning tree stuff, will have impact on the network. SPT will do a recalculation. Maybe some faetures like portfast will not do any harm when configure.

3) Yes probably, but this depend some of how your topology looks.

2) Root guard needs to be enabled on all ports where the root bridge should not appear.

1) This command must be eneteed on both sides of the link. I dont think this will impact on SPT recalculation.

In your design, do you use the SPT feature and redundancy. I mean if your running a star/hub/spoke design?

If you dont run redundancy and need feature to run loop free, turn SPT off.

New Member

Re: udld and root guard

I just wrote up a long reply and it doesn't look like it got posted.

I'm still a little confused about the root guard feature.

You say:

2) Root guard needs to be enabled on all ports where the root bridge should not appear.

In a star or hob/spoke topology, let's say root is at the core. So, would root

guard be placed on the interfaces of the switches at the edges of the network, so the root can't originate from there? I'm thinking of this feature like an

access list where you limit what you want sent out that particular interface.

If you place root guard on the links at the center of the network on the core,

wouldn't that prevent root being announced properly out to the edge?

New Member

Re: udld and root guard

Sorry about the long respone time...

Thats right, you'll protect your core from letting some edge equipment to be a root. Set the command on those ports.


If you got a core of cisco switches, having some other manufacture switches at the distribution/access level and you dont want them to participate in SPT root calculation. Set the root guard feature on those ports.

New Member

Re: udld and root guard

Still im wundering about your design and the need of spanningtree...if running a star topology, are your running redundant links and double core switches?

New Member

Re: udld and root guard

I apologize about the long delay myself. I didn't select the notify option

when I submitted and I have to rely on memory to come back to the topic.

The net design was in the post that didn't make it. I'm not sure what happened.

We have 1 core switch with a couple of WS-X6408-GBIC cards.

So that sits in the middle of everything. We have 51 vlans. And we do

some layer3 access lists on the MFSC of the core.

As an example, I'll use our Business Center. We have 2 distribution

switches in the basement 'bc0a' and 'bc0b'. On each of the floors in the

building we have 2 switches, one connects to bc0a and one goes to

bc0b. The floor switches have an interconnect between them. So if

bc0a goes down, traffic will flow acroos the interconnect from floor a

over to floor b and then out to bc0b to our core.

I did an analysis of our spanning tree and found that we have 2 different

switches listed as root. Neither one is the core switch.

I'm really sorry to have to ask you this again but I still don't know where

to put the root guard config.

Do I enter it on the core switch ports?

Do I enter it on the edge and distribution switch ports?

Do I enter it on all ports of all switches everywhere?


New Member

Re: udld and root guard

Hi again...its the same for me...memory (just idle)!

Start to configure your core switch as the primary root.

"set spanning tree vlan 1 root" (do the same for all VLANs).

Then choose your switch that can be secondary root.

"set spanning tree vlan 1 secondary root" (and the same for all).

This way you have hard choosen your structure of SPT.

The on your distribution switches:

"set spanning tree root guard" on thoose ports (to the switches) you want to not be apart of SPT root selection.

core(root)==dist(guard)==access(not part of root calculation).

Hope my writen english is understandable;