Configuring Root Guard
Here are the commands to
configure and to verify root guard.
To enable root guard on a Layer 2
access port (to force it to become a designated port), or to disable root
guard, use this command:

Switch(config-if)#spanning-tree guard
root
Verifying Root Guard
To verify root
guard use the following commands:

Switch#show running-config interface fastethernet
5/8
Figure
shows
how to determine whether any ports are in a root-inconsistent state: