一、实验拓扑：

二、实验命令：
1、基本部署：
IOU1(config)#int range e1/0 - 1
IOU1(config-if-range)#no shutdown
IOU1(config-if-range)#switchport trunk encapsulation dot1q
IOU1(config-if-range)#switchport mode trunk

IOU2(config)#int range e1/0 - 1
IOU2(config-if-range)#no shutdown
IOU2(config-if-range)#switchport trunk encapsulation dot1q
IOU2(config-if-range)#switchport mode trunk

IOU3(config)#int range e1/0 - 1
IOU3(config-if-range)#no shutdown
IOU3(config-if-range)#switchport trunk encapsulation dot1q
IOU3(config-if-range)#switchport mode trunk

IOU3(config)#int e1/2
IOU3(config-if)#no shutdown
IOU3(config-if)#switchport mode access

2、重点命令：
IOU3(config)#int e1/2
IOU3(config-if)#no shutdown
IOU3(config-if)#spanning-tree guard root
IOU3(config-if)#
*Apr 26 06:19:34.814: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port Ethernet1/2

IOU3#show spanning-tree vlan 1
Et0/0 Desg FWD 100 128.1 Shr
Et0/1 Desg FWD 100 128.2 Shr
Et0/2 Desg FWD 100 128.3 Shr
Et0/3 Desg FWD 100 128.4 Shr
Et1/0 Altn BLK 100 128.5 Shr
Et1/1 Root FWD 100 128.6 Shr
Et1/2 Desg FWD 100 128.7 Shr

接着在Hacker上做：
Hacker(config)#spanning-tree vlan 1 priority 0
IOU3上提示：
*Apr 26 06:23:14.796: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet1/2 on VLAN0001.

结果验证：
IOU3#show spanning-tree vlan 1
VLAN0001
Interface Role Sts Cost Prio.Nbr Type
Et0/0 Desg FWD 100 128.1 Shr
Et0/1 Desg FWD 100 128.2 Shr
Et0/2 Desg FWD 100 128.3 Shr
Et0/3 Desg FWD 100 128.4 Shr
Et1/0 Altn BLK 100 128.5 Shr
Et1/1 Root FWD 100 128.6 Shr
Et1/2 Desg BKN100 128.7 Shr ROOT_Inc