26. Which two concepts relate to a switch port that is intended to have only end devices attached and intended never to be used to connect to another switch? (Choose two.)
- bridge ID
- edge port
- extended system ID
- PortFast
- PVST+
Explanation: The RSTP edge port concept corresponds to the PVST+ PortFast feature. An edge port connects to an end station and assumes that the switch port does not connect to another switch. RSTP edge ports should immediately transition to the forwarding state, thereby skipping the time-consuming 802.1D listening and learning port states. PVST+ is the default spanning-tree configuration for a Cisco Catalyst switch. The bridge ID (BID) is used to determine the root bridge on a network and includes the bridge priority, the extended system ID, and the MAC address.
27. Which spanning-tree enhancement prevents the spanning-tree topology from changing by blocking a port that receives a superior BPDU?
- BPDU filter
- BPDU guard
- root guard
- PortFast
Explanation: Root guard prevents the placement of the root bridge from changing by blocking any port that receives a superior BPDU. A superior BPDU is one with a higher root bridge ID than the currently selected root bridge has.
28. After the election of the root bridge has been completed, how will switches find the best paths to the root bridge?
- Each switch will analyze the sum of the hops to reach the root and use the path with the fewest hops.
- Each switch will analyze the BID of all neighbors to reach the root and use the path through the lowest BID neighbors.
- Each switch will analyze the port states of all neighbors and use the designated ports to forward traffic to the root.
- Each switch will analyze the sum of all port costs to reach the root and use the path with the lowest cost.
Explanation: After the election of a root bridge has occurred, each switch will have to determine the best path to the root bridge from its location. The path is determined by summing the individual port costs along the path from each switch port to the root bridge.
29. On what switch ports should PortFast be enabled to enhance STP stability?
- all end-user ports
- only ports that attach to a neighboring switch
- all trunk ports that are not root ports
- only ports that are elected as designated ports
Explanation: PortFast will immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state, bypassing the listening and learning states. If configured on a trunk link, immediately transitioning to the forwarding state could lead to the formation of Layer 2 loops.
30. Which Cisco switch feature ensures that configured switch edge ports do not cause Layer 2 loops if a port is mistakenly connected to another switch?
- BPDU guard
- extended system ID
- PortFast
- PVST+
Explanation: If switch access ports are configured as edge ports using PortFast, BPDUs should never be received on those ports. Cisco switches support a feature called BPDU guard. When it is enabled, BPDU guard will put an edge port in an error-disabled state if a BPDU is received by the port. This will prevent a Layer 2 loop from occurring. PVST+ is an implementation of the Spanning Tree Protocol. The extended system ID is a mechanism for including VLAN ID information in the bridge ID (BID) for each VLAN.
31. What can be implemented to help mitigate the threat of a rogue switch becoming the root bridge in an STP domain?
- root guard
- loop guard
- BPDU guard
- Source Guard
Explanation: There are several recommended STP stability mechanisms to help mitigate STP manipulation attacks:
- PortFast – Used to immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state. Applied to all end-user ports.
- BPDU guard – Immediately error-disables a port that receives a BPDU. Applied to all end-user ports.
- Root guard – Prevents a switch from becoming the root switch. Applied to all ports where the root switch should not be located.
- Loop guard – Detects unidirectional links to prevent alternate or root ports from becoming designated ports. Applied to all ports that are or can become non-designated.
32. What determines which switch becomes the STP root bridge for a given VLAN?
- the lowest bridge ID
- the highest priority
- the highest MAC address
- the lowest IP address
Explanation: STP uses a root bridge as a central point for all spanning tree calculations. To select a root bridge, STP conducts an election process. All switches in the broadcast domain participate in the election process. The switch with the lowest bridge ID, or BID, is elected as the root bridge. The BID is made up of a priority value, an extended system ID, and the MAC address of the switch.
33. What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?
- preventing rogue switches from being added to the network
- protecting against Layer 2 loops
- enforcing the placement of root bridges
- preventing buffer overflow attacks
Explanation: BPDU guard immediately error-disables a port that receives a BPDU. This prevents rogue switches from being added to the network. BPDU guard should be applied to all end-user ports, and only to those ports.
34. Which statement is a characteristic of the STP network diameter?
- STP diameters are restricted by convergence times.
- Layer 2 root elections should be optimized by adjusting BPDU timers to match network diameter.
- Using lower bandwidth connections between switches will allow STP to have a larger network diameter.
- PortFast can be used to increase the allowable switched network diameter because it disables the forward delay and maximum age timers.
Explanation: The optional diameter keyword in the spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter] command allows for tuning of the STP convergence (and should reference the maximum number of Layer 2 hops a switch can be from the root bridge) and also modifies the timers.
35. Refer to the exhibit. All edge ports are configured with the spanning-tree portfast command. Host1 is recently connected to port Fa0/1 on switch SW1. Which statement is true about the status of port Fa0/1?
- The port will transition into the blocking state.
- The port will transition immediately into the forwarding state.
- The port will transition into the blocking state and then immediately into the forwarding state.
- The port will transition into the blocking state and immediately transition through the listening and learning states.
Explanation: When the PortFast feature is enabled on a specific access port with the spanning-tree portfast command, the port bypasses the earlier 802.1D STP states (learning and listening) and forwards traffic immediately.
36. On what switch ports should BPDU guard be enabled to enhance STP stability?
- all PortFast-enabled ports
- only ports that attach to a neighboring switch
- all trunk ports that are not root ports
- only ports that are elected as designated ports
Explanation: End-user ports should connect only to end-user devices and not to other switches. To prevent a switch from being added to the network on an end-user port, BPDU guard will immediately put the port into the error disabled state if a BPDU is received on that port. However, if PortFast is not configured on an end-user port, BPDU guard is not activated on that port.
“Do I Know This Already?” Quiz Answers:
1. A switch’s STP priority can be configured in increments of ______.
- 1
- 256
- 2048
- 4096
Explanation: A switch’s STP priority increments in values of 4096. The priority is actually added to the VLAN number as part of the advertisement. The VLAN identifier is 12 bits, which is a decimal value of 4096.
2. True or false: The advertised path cost includes the advertising link’s port cost as part of the configuration BPDU advertisement.
- True
- False
Explanation: The advertising path cost includes the calculated path cost but does not include the path cost of the interface from which the BPDU is being advertised.
3. True or false: The switch port with the lower STP port priority is more preferred.
- True
- False
Explanation: As part of the STP algorithm, when two links exist between two switches, on the upstream switch, the port with the lower port priority is preferred.
4. What happens to a switch port when a BPDU is received on it when BPDU guard is enabled on that port?
- A syslog message is generated, and the BPDU is filtered.
- A syslog message is not generated, and the BPDU is filtered.
- A syslog message is generated, and the port is sent back to a listening state.
- A syslog message is generated, and the port is shut down.
Explanation: BPDU guard generates a syslog message and shuts down an access port upon receipt of a BPDU.
5. Enabling root guard on a switch port does what?
- Upon receipt of an inferior BPDU, the port is shut down.
- Upon receipt of a superior BPDU, the port is shut down.
- Upon receipt of an inferior BPDU, the BPDU is filtered.
- When the root port is shut down, only authorized designated ports can become root ports.
Explanation: Root guard ensures that the designated port does not transition into a root port by shutting down the port upon receipt of a superior BPDU.
6. UDLD solves the problem of ______.
- time for Layer 2 convergence
- a cable sending traffic in only one direction
- corrupt BPDU packets
- flapping network links
Explanation: Unidirectional Link Detection (UDLD) solves the problem when a cable malfunctions and transmits data in only one direction.