Chapter 3: Quiz – Advanced Spanning Tree Tuning (Answers) CCNPv8 ENCOR

26. Which two concepts relate to a switch port that is intended to have only end devices attached and intended never to be used to connect to another switch? (Choose two.)

  • bridge ID
  • edge port
  • extended system ID
  • PortFast
  • PVST+

Explanation: The RSTP edge port concept corresponds to the PVST+ PortFast feature. An edge port connects to an end station and assumes that the switch port does not connect to another switch. RSTP edge ports should immediately transition to the forwarding state, thereby skipping the time-consuming 802.1D listening and learning port states. PVST+ is the default spanning-tree configuration for a Cisco Catalyst switch. The bridge ID (BID) is used to determine the root bridge on a network and includes the bridge priority, the extended system ID, and the MAC address.

27. Which spanning-tree enhancement prevents the spanning-tree topology from changing by blocking a port that receives a superior BPDU?

  • BPDU filter
  • BPDU guard
  • root guard
  • PortFast

Explanation: Root guard prevents the placement of the root bridge from changing by blocking any port that receives a superior BPDU. A superior BPDU is one with a higher root bridge ID than the currently selected root bridge has.

28. After the election of the root bridge has been completed, how will switches find the best paths to the root bridge?

  • Each switch will analyze the sum of the hops to reach the root and use the path with the fewest hops.
  • Each switch will analyze the BID of all neighbors to reach the root and use the path through the lowest BID neighbors.
  • Each switch will analyze the port states of all neighbors and use the designated ports to forward traffic to the root.
  • Each switch will analyze the sum of all port costs to reach the root and use the path with the lowest cost.

Explanation: After the election of a root bridge has occurred, each switch will have to determine the best path to the root bridge from its location. The path is determined by summing the individual port costs along the path from each switch port to the root bridge.

29. On what switch ports should PortFast be enabled to enhance STP stability?

  • all end-user ports
  • only ports that attach to a neighboring switch
  • all trunk ports that are not root ports
  • only ports that are elected as designated ports

Explanation: PortFast will immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state, bypassing the listening and learning states. If configured on a trunk link, immediately transitioning to the forwarding state could lead to the formation of Layer 2 loops.

30. Which Cisco switch feature ensures that configured switch edge ports do not cause Layer 2 loops if a port is mistakenly connected to another switch?

  • BPDU guard
  • extended system ID
  • PortFast
  • PVST+

Explanation: If switch access ports are configured as edge ports using PortFast, BPDUs should never be received on those ports. Cisco switches support a feature called BPDU guard. When it is enabled, BPDU guard will put an edge port in an error-disabled state if a BPDU is received by the port. This will prevent a Layer 2 loop from occurring. PVST+ is an implementation of the Spanning Tree Protocol. The extended system ID is a mechanism for including VLAN ID information in the bridge ID (BID) for each VLAN.

31. What can be implemented to help mitigate the threat of a rogue switch becoming the root bridge in an STP domain?

  • root guard
  • loop guard
  • BPDU guard
  • Source Guard

Explanation: There are several recommended STP stability mechanisms to help mitigate STP manipulation attacks:

  • PortFast – Used to immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state. Applied to all end-user ports.
  • BPDU guard – Immediately error-disables a port that receives a BPDU. Applied to all end-user ports.
  • Root guard – Prevents a switch from becoming the root switch. Applied to all ports where root switch should not be located.
  • Loop guard – Detects unidirectional links to prevent alternate or root ports from becoming designated ports. Applied to all ports that are or can become non-designated.

32. What determines which switch becomes the STP root bridge for a given VLAN?

  • the lowest bridge ID
  • the highest priority
  • the highest MAC address
  • the lowest IP address

Explanation: STP uses a root bridge as a central point for all spanning tree calculations. To select a root bridge, STP conducts an election process. All switches in the broadcast domain participate in the election process. The switch with the lowest bridge ID, or BID, is elected as the root bridge. The BID is made up of a priority value, an extended system ID, and the MAC address of the switch.
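The election in question 32 and the path selection in question 28, worked through as an added example (not part of the original quiz). The switch names, priorities, MAC addresses and topology are constructed; the link costs are the standard short-mode STP values.

```python
import heapq

# Constructed sample topology (not from the quiz): priorities, MACs and
# links are made-up values for a single VLAN.
VLAN_ID = 10
SWITCHES = {
    "SW1": {"priority": 32768, "mac": "0011.2233.4455"},
    "SW2": {"priority": 4096,  "mac": "0011.2233.9999"},
    "SW3": {"priority": 4096,  "mac": "0011.2233.0001"},
    "SW4": {"priority": 32768, "mac": "0011.2233.0002"},
}
# (switch_a, switch_b, port cost): 4 = 1 Gbps, 19 = 100 Mbps (short mode)
LINKS = [("SW3", "SW1", 4), ("SW3", "SW2", 4), ("SW2", "SW4", 4),
         ("SW3", "SW4", 19), ("SW1", "SW4", 19)]

def bridge_id(name):
    """BID as a comparable tuple: (priority + extended system ID, MAC)."""
    sw = SWITCHES[name]
    return (sw["priority"] + VLAN_ID, sw["mac"].replace(".", "").lower())

def elect_root():
    """The switch with the numerically lowest BID wins the election."""
    return min(SWITCHES, key=bridge_id)

def root_path_costs(root):
    """Lowest summed port cost from every switch to the root (Dijkstra)."""
    graph = {name: [] for name in SWITCHES}
    for a, b, cost in LINKS:
        graph[a].append((b, cost))
        graph[b].append((a, cost))
    best = {root: 0}
    queue = [(0, root)]
    while queue:
        cost, node = heapq.heappop(queue)
        if cost > best.get(node, float("inf")):
            continue  # stale queue entry, a cheaper path was already found
        for neighbor, link_cost in graph[node]:
            total = cost + link_cost
            if total < best.get(neighbor, float("inf")):
                best[neighbor] = total
                heapq.heappush(queue, (total, neighbor))
    return best

if __name__ == "__main__":
    root = elect_root()
    print("root:", root, bridge_id(root))
    print("root path costs:", root_path_costs(root))
```

SW2 and SW3 tie on priority, so the lower MAC address decides the election. SW4 reaches the root over two 1 Gbps links rather than its direct 100 Mbps link, because the summed cost, not the hop count, is compared.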

33. What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?

  • preventing rogue switches from being added to the network
  • protecting against Layer 2 loops
  • enforcing the placement of root bridges
  • preventing buffer overflow attacks

Explanation: BPDU guard immediately error-disables a port that receives a BPDU. This prevents rogue switches from being added to the network. BPDU guard should be applied only to end-user ports.

34. Which statement is a characteristic of the STP network diameter?

  • STP diameters are restricted by convergence times.
  • Layer 2 root elections should be optimized by adjusting BPDU timers to match network diameter.
  • Using lower bandwidth connections between switches will allow STP to have a larger network diameter.
  • Portfast can be used to increase the allowable switched network diameter because it disables the forward delay and maximum age timers.

Explanation: The optional diameter keyword in the spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter] command allows for tuning of the STP convergence (and should reference the maximum number of Layer 2 hops a switch can be from the root bridge) and also modifies the timers.

35. Refer to the exhibit. All edge ports are configured with the spanning-tree portfast command. Host1 is recently connected to port Fa0/1 on switch SW1. Which statement is true about the status of port Fa0/1?


  • The port will transition into the blocking state.
  • The port will transition immediately into the forwarding state.
  • The port will transition into the blocking state and then immediately into the forwarding state.
  • The port will transition into the blocking state and immediately transition through the listening and learning states.

Explanation: When the portfast feature is enabled on a specific access port with the spanning-tree portfast command, the port bypasses the earlier 802.1D STP states (learning and listening) and forwards traffic immediately.

36. On what switch ports should BPDU guard be enabled to enhance STP stability?

  • all PortFast-enabled ports
  • only ports that attach to a neighboring switch
  • all trunk ports that are not root ports
  • only ports that are elected as designated ports

Explanation: End-user ports should connect only to end-user devices and not to other switches. To prevent a switch from being added to the network on an end-user port, BPDU guard will immediately put the port into the error disabled state if a BPDU is received on that port. However, if PortFast is not configured on an end-user port, BPDU guard is not activated on that port.
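One way to check a configuration against the PortFast and BPDU guard guidance in questions 29, 31 and 36, as an added example that is not part of the original quiz. The running-config is constructed, the function name is hypothetical, and only the classic IOS command forms shown are matched.

```python
# Constructed sample running-config (not from the quiz page).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 spanning-tree portfast trunk
"""

def audit_edge_ports(config):
    """Return {interface: [findings]}; the global default guards PortFast ports only."""
    lines = [line.rstrip() for line in config.splitlines()]
    global_guard = "spanning-tree portfast bpduguard default" in lines
    stanzas, current = {}, None
    for line in lines:
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    findings = {}
    for name, cmds in stanzas.items():
        portfast = "spanning-tree portfast" in cmds
        guard = "spanning-tree bpduguard enable" in cmds or (global_guard and portfast)
        issues = []
        if "switchport mode trunk" in cmds and "spanning-tree portfast trunk" in cmds:
            issues.append("PortFast forced on a trunk port")
        if "switchport mode access" in cmds and not portfast:
            issues.append("access port without PortFast")
        if "switchport mode access" in cmds and not guard:
            issues.append("access port without BPDU guard")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_edge_ports(SAMPLE_CONFIG))
```

Prepending the global `spanning-tree portfast bpduguard default` line clears the finding on GigabitEthernet1/0/2 but not on GigabitEthernet1/0/3, which has no PortFast and therefore never gets BPDU guard from the global default.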

