STP Root Guard

On this Topology, We have 3 switches, Sw1 has bridge ID 10, Sw2 has bridge ID 20, and Sw3 has bridge ID 30. In this topology, we know that Sw1 is a  Root Bridge because it has a lower bridge ID, as we know all of the ports on sw1 will become designated ports. Sw2 F0/1 will become the Root port, f0/3 will become the specified port, F0/2 will become the Root port, and F0/3 will get blocked. 

Now for some reason, someone changes the Bridge ID on Sw3, and it becomes a Root Bridge, now the topology will change, and we don't want that happen in our network. That reason why we need to configure a Root Guard. 

As we know, DP will send BBDU, and none of DP will receive BBDU. In this case, IF someone changes the bridge id on SW3, now F0/2 on SW3 will become a designated port, and it will send BBDU. And F0/2 on SW1 will receive BBDU.

To Stop this from happening, we need to configure using ROOT Guard. ROOT Guard is a feature that applies on a Designated port, and when it receives BPDU, it puts that port into the root-inconsistent state. And it will block. 

Now, if you can see if any want tries to change the bridge id on SW3, the administration will get the notification.