What Does Root Guard Mean in 200-301?
Quick Definition
Prevents a port from becoming the Root Port, protecting the Root Bridge position.
Full Definition
Root Guard is placed on ports where you do not want a superior BPDU to cause a Root Bridge change. If a superior BPDU is received on a Root Guard-enabled port, that port is placed into the root-inconsistent state and stops forwarding traffic. This prevents an unauthorised switch from claiming the Root Bridge role. Root Guard should be enabled on ports facing downstream (away from the current Root Bridge).
CLI Command
interface GigabitEthernet0/2 spanning-tree guard root
Exam Trap — Don't Get Fooled
Root Guard and BPDU Guard have different purposes. BPDU Guard shuts down a port that receives any BPDU (protects access ports). Root Guard blocks a port that receives a superior BPDU (protects the Root Bridge election). Both put the port into a restricted state but for different reasons.
Related 200-301 Terms
Frequently Asked Questions
What does Root Guard mean on the 200-301 exam?
Root Guard is placed on ports where you do not want a superior BPDU to cause a Root Bridge change. If a superior BPDU is received on a Root Guard-enabled port, that port is placed into the root-inconsistent state and stops forwarding traffic. This prevents an unauthorised switch from claiming the Root Bridge role. Root Guard should be enabled on ports facing downstream (away from the current Root Bridge).
How does Root Guard appear as a trap on the 200-301?
Root Guard and BPDU Guard have different purposes. BPDU Guard shuts down a port that receives any BPDU (protects access ports). Root Guard blocks a port that receives a superior BPDU (protects the Root Bridge election). Both put the port into a restricted state but for different reasons.
How important is Root Guard on the 200-301 exam?
Root Guard falls under the Spanning Tree domain of the 200-301 exam. Understanding it in context with related terms like stp and bpdu-guard is essential for answering scenario-based questions correctly.