Configuring Root Guard

Root Guard can be enabled or disabled on per port basis. If enabled on port, the switch ignores superior BPDUs received on that port and blocks that port. The port will revert back to forwarding automatically once it stops receiving superior BPDUs. To enable the Root Guard on the Interface, first configure the port as trunk.

By default, the Root Guard is disabled.

Execute the following commands to set the Root Guard on the Interface.
Type the following:
- Enter the Global Configuration Mode.
```
iS5comm# configure terminal
```
- Enter the Interface Configuration mode.
```
iS5comm(config)# interface gigabitethernet 0/1
```
- Configure the Port as Trunk Port.
```
iS5comm(config-if)# switchport mode trunk
```
- Enable the Root Guard on the Port.
```
iS5comm(config-if)# spanning-tree guard root 
```
- Return to the Privileged EXEC Mode.
```
iS5comm(config-if)#end
```
Execute the no spanning-tree guard command in Interface Configuration Mode to disable root guard on the interface.
Type the following:
```
iS5comm(config-if)# no spanning-tree guard
```
```
Pvrst RootGuard is disabled
```