User Manual UMN:CLIV58083118.3.8 Root GuardThe standard STP does not allow the administrator to enforce the position of the rootbridge, as any bridge in the network with lower bridge ID will take the role of the rootbridge. Root guard feature is designed to provide a way to enforce the root bridgeplacement in the network. Even if the administrator sets the root bridge priority to zero inan effort to secure the root bridge position, there is still no guarantee against bridge withpriority zero and a lower MAC address.Fig. 8.26 Root GuardSoftware-based bridge applications launched on PCs or other switches connected by acustomer to a service-provider network can be elected as root switches. If the priority ofbridge B is zero or any value lower than that of the root bridge, device B will be elected asa root bridge for this VLAN. As a result, network topology could be changed. This maylead to sub-optimal switching. But, by configuring root guard on switch A, no switchesbehind the port connecting to switch A can be elected as a root for the service provider’sswitch network. In which case, switch A will block the port connecting switch B.To configure Root-Guard, use the following command.Command Mode Descriptionspanning-tree port PORTSguard root Bridge Configures Root Guard on the network.To delete a configured Root-Guard of specified port, use the following command.Command Mode Descriptionspanning-tree port PORTSguard noneBridgeDisables Root Guard function.no spanning-tree port PORTSguardDeletes a configured Root Guard, returns to defaultconfigurations.