When STP mitigation features are configured, where should the root guard feature be deployed?
A.
toward ports that connect to switches that should not be the root bridge
B.
on all switch ports
C.
toward user-facing ports
D.
Root guard should be configured globally on the switch.
Explanation:
The configuration of root guard is on a per-port basis. Root guard does not allow the port to become an STP root port, so the port is always STP-designated. If a better BPDU arrives on this port, root guard does not take the BPDU into account and elect a new STP root. Instead, root guard puts the port into the root-inconsistent STP state. You must enable root guard on all ports where the root bridge should not appear. In a way, you can configure a perimeter around the part of the network where the STP root is able to be located.
A. seems to be the best answer