11.5_PortFast and BPDU Guard Flashcards
To mitigate Spanning Tree Protocol (STP) manipulation attacks, use ___and ____ Guard
PortFast
Bridge Protocol Data Unit (BPDU)
____immediately brings an interface configured as an access port to the forwarding state from a blocking state, bypassing the listening and learning states. Apply to all end-user ports. **should only be configured on ports attached to end devices.
PortFast
____ immediately error disables a port that receives a BPDU. Like PortFast,*** should only be configured on interfaces attached to end devices.
BPDU guard
PortFast can be enabled on an interface by using the ___interface configuration command
spanning-tree portfast
Alternatively, Portfast can be configured globally on all access ports by using the __ global configuration command.
spanning-tree portfast default
To verify whether PortFast is enabled globally you can use either the___ command or the ___ command.
show running-config | begin span
show spanning-tree summary
To verify if PortFast is enabled an interface, use the ___command
show running-config interface type/number
The show ___command can also be used for verification.
spanning-tree interface type/number detail
If any BPDUs are received on a BPDU Guard enabled port, that port is put into error-disabled state. This means the port is shut down and must be manually re-enabled or automatically recovered through the __ global command.
errdisable recovery cause bpduguard
BPDU Guard can be enabled on a port by using the ___interface configuration command.
spanning-tree bpduguard enable
Alternatively, Use the __ global configuration command to globally enable BPDU guard on all PortFast-enabled ports.
spanning-tree portfast bpduguard default
To display information about the state of spanning tree, use the ___ command
show spanning-tree summary
