Quick Definition
Prevents a port from becoming the Root Port, protecting the Root Bridge position.
Root Guard is placed on ports where you do not want a superior BPDU to cause a Root Bridge change. If a superior BPDU is received on a Root Guard-enabled port, that port is placed into the root-inconsistent state and stops forwarding traffic. This prevents an unauthorised switch from claiming the Root Bridge role. Root Guard should be enabled on ports facing downstream (away from the current Root Bridge).
interface GigabitEthernet0/2 spanning-tree guard root
Root Guard and BPDU Guard have different purposes. BPDU Guard shuts down a port that receives any BPDU (protects access ports). Root Guard blocks a port that receives a superior BPDU (protects the Root Bridge election). Both put the port into a restricted state but for different reasons.
Root Guard is placed on ports where you do not want a superior BPDU to cause a Root Bridge change. If a superior BPDU is received on a Root Guard-enabled port, that port is placed into the root-inconsistent state and stops forwarding traffic. This prevents an unauthorised switch from claiming the Root Bridge role. Root Guard should be enabled on ports facing downstream (away from the current Root Bridge).
Root Guard and BPDU Guard have different purposes. BPDU Guard shuts down a port that receives any BPDU (protects access ports). Root Guard blocks a port that receives a superior BPDU (protects the Root Bridge election). Both put the port into a restricted state but for different reasons.
Root Guard falls under the Spanning Tree domain of the 200-301 exam. Understanding it in context with related terms like stp and bpdu-guard is essential for answering scenario-based questions correctly.