Root Guard is an STP feature that can be enabled on individual ports. When Root Guard is enabled on a port, it disables the port (via err-disable) if a switch on that port attempts to signal to the local switch that it is the root bridge.
The idea of this protection is to prevent unknown switches from becoming the root switch in the network's spanning tree topology.
Root guard should be enabled on designated ports on the network where a root bridge is not expected to be connected.
To enable Root Guard, enter the following in interface-level configuration mode:
spanning-tree guard root
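
An audit check built on the guidance above, added here as an example and not part of the original post: it parses an IOS-style running-config and lists the active ports that lack the spanning-tree guard root line. The sample config, the function names and the root_facing parameter (ports where the root bridge is expected) are assumptions made for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description uplink toward the expected root bridge
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree guard root
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 shutdown
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
"""

def parse_interfaces(config_text):
    """Return {interface name: [stripped stanza lines]} from a running-config."""
    stanzas, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line closes the stanza
    return stanzas

def ports_missing_root_guard(config_text, root_facing=()):
    """List active ports that lack 'spanning-tree guard root'."""
    missing = []
    for name, lines in parse_interfaces(config_text).items():
        # Assumption: logical interfaces (Vlan, Loopback, Tunnel) are out of scope.
        logical = re.match(r"(?i)(vlan|loopback|tunnel)", name)
        if name in root_facing or "shutdown" in lines or logical:
            continue
        if "spanning-tree guard root" not in lines:
            missing.append(name)
    return missing

print(ports_missing_root_guard(SAMPLE_CONFIG, root_facing={"GigabitEthernet1/0/1"}))
```

Ports listed in root_facing are skipped on purpose, since Root Guard belongs only where a root bridge is not expected.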
