Practice Q's - STP Stability Flashcards
What is the approximate amount of time it takes for a PortFast-enabled port to transition from blocking to forwarding?
A. Immediately
B. 15 seconds
C. 20 seconds
D. 30 seconds
E. 50 seconds
Answer: A
Explanation:
Instead of waiting for STP to cycle through the blocking, learning, and listening states, PortFast will place the port in the forwarding state immediately.
When PortFast is enabled on a port, the attached end station can join the network almost immediately rather than waiting up to 50 seconds for spanning tree to converge. This feature is designed to enable the connections to workstations and servers to be put into the forwarding state as soon as possible after a spanning-tree reconvergence.
Bypassing the listening and learning states creates an exposure for spanning-tree loops. The default behavior of a PortFast-enabled port is to put the port immediately into a blocking state if a BPDU is received.
The following command enables PortFast:
- switch(config-if)# spanning-tree portfast
You should only enable PortFast on a port that connects an end station. Enabling PortFast on a port that connects another switch could create a loop.
Which feature can you enable on a switch to prevent potential bridging loops caused by invalid configurations on PortFast-configured interfaces?
A. Udld
B. Root Guard
C. BPDU Guard
D. Loop Guard
Answer: C
Explanation:
BPDU Guard prevents bridging loops caused by an invalid configuration on a PortFast-configured interface by shutting down the interface when it receives BPDUs.
PortFast-configured interfaces should not receive BPDUs in a valid configuration because only end devices should be connected to the PortFast interfaces (only switches and bridges send BPDUs). However, if a switch were improperly connected to the PortFast-configured interface, it would begin to receive BPDUs from the switch at the other end of the link. The port would immediately go into the spanning-tree blocking state and the port would begin to send BPDUs, which could cause a bridging loop. BPDU Guard can prevent this situation by providing a secure response to BPDUs received on PortFast-configured interfaces. When enabled, BPDU Guard shuts down a PortFast-configured interface when it receives BPDUs. When BPDU Guard brings down an interface, the interface stays down until an administrator manually puts it back into service.
The following command enables BPDU Guard on an interface:
- switch(config-if)# spanning-tree portfast bpduguard
To further enhance the ability of Root Guard to prevent the introduction of rogue switches in the network, PortFast can be used as well to shut down the port when a switch is connected to it
.
When you globally enable BPDU guard, STP shuts down ports that receive BPDUs. This is called STP PortFast BPDU Guard.
The following command enables STP PortFast BPDU Guard globally. switch(config)# spanning-tree portfast bpduguard default Unidirectional Link Detection (UDLD) improves the stability of Layer 2 networks by detecting and shutting down unidirectional links.
Root Guard provides a mechanism for enforcing root-bridge placement in the network. When enabled on a Layer 2 access port, it forces the port to become a designated port. Root Guard prevents the port from becoming an STP root port.
Loop Guard provides protection against Layer 2 forwarding loops in a physically redundant topology by moving a non-designated port that has not received BPDUs as expected into the STP loop-inconsistent blocking state, preventing the port from cycling through the normal STP listening, learning, and forwarding states. It cannot be used to force a Layer 2 access port to become a designated port. Loop guard can be implemented on a switch either globally or per interface with the following commands.
Globally. the command would be: switch(config)# spanning-tree loopguard default Per interface, the commands would be:
- switch(config)# interface fastethernet0/1 switch(config-if)# spanning-tree guard loop