Which feature can you enable on a switch to prevent potential bridging loops caused by invalid configurations on PortFast-configured interfaces?

A. UDLD
B. Root Guard
C. BPDU Guard
D. Loop Guard

Suggested Answer: C

BPDU Guard prevents bridging loops caused by an invalid configuration on a PortFast-configured interface by shutting down the interface when it receives BPDUs. PortFast-configured interfaces should not receive BPDUs in a valid configuration because only end devices should be connected to the PortFast interfaces (only switches and bridges send BPDUs). However, if a switch were improperly connected to the PortFast-configured interface, it would begin to receive BPDUs from the switch at the other end of the link. The port would immediately go into the spanning-tree blocking state and the port would begin to send BPDUs, which could cause a bridging loop.

BPDU Guard can prevent this situation by providing a secure response to BPDUs received on PortFast-configured interfaces. When enabled, BPDU Guard shuts down a PortFast-configured interface when it receives BPDUs. When BPDU Guard brings down an interface, the interface stays down until an administrator manually puts it back into service.

The following command enables BPDU Guard on an interface:

    switch(config-if)# spanning-tree portfast bpduguard

To further enhance the ability of Root Guard to prevent the introduction of rogue switches in the network, PortFast can be used as well to shut down the port when a switch is connected to it. When you globally enable BPDU guard, STP shuts down ports that receive BPDUs. This is called STP PortFast BPDU Guard.

The following command enables STP PortFast BPDU Guard globally:

    switch(config)# spanning-tree portfast bpduguard default

Unidirectional Link Detection (UDLD) improves the stability of Layer 2 networks by detecting and shutting down unidirectional links.

Root Guard provides a mechanism for enforcing root-bridge placement in the network. When enabled on a Layer 2 access port, it forces the port to become a designated port. Root Guard prevents the port from becoming an STP root port.

Loop Guard provides protection against Layer 2 forwarding loops in a physically redundant topology by moving a non-designated port that has not received BPDUs as expected into the STP loop-inconsistent blocking state, preventing the port from cycling through the normal STP listening, learning, and forwarding states. It cannot be used to force a Layer 2 access port to become a designated port.

Loop Guard can be implemented on a switch either globally or per interface with the following commands.

Globally, the command would be:

    switch(config)# spanning-tree loopguard default

Per interface, the commands would be:

    switch(config)# interface fastethernet0/1
    switch(config-if)# spanning-tree guard loop

Objective: Layer 2 Technologies
Sub-Objective: Configure and verify spanning tree

References: Cisco > Cisco IOS LAN Switching Command Reference > show vlan through ssl-proxy module allowed-vlan > spanning-tree portfast bpduguard default

This question is in the 300-115 Implementing Cisco IP Switched Networks (SWITCH) exam, for the Cisco Certified Network Professional (CCNP) Routing and Switching certificate.