Spanning Tree Protocol + Security (Personal learning) Flashcards
Spanning-Tree Protocol
Prevents loops from being formed when switches or bridges are interconnected via multiple paths.
Spanning Tree Protocol Features
When switches are interconnected via multiple paths, STP prevents loops from being formed. An STP loop (or forwarding loop) can occur when the entire network fails because of a hardware failure, a configuration issue, or a network attack. STP loops can be costly, causing major network outages. The following STP features can be used to improve the stability of Layer 2 networks.
Bridge Protocol Data Unit (BPDU) Guard
Bridge protocol data units (BPDUs) are data messages exchanged between bridges using the Spanning Tree Protocol to detect loops in a network topology. A BPDU contains management and control information that is used to determine the root bridge and establish the port roles, for example root, designated, or blocked port.
BPDU Guard feature
Designed to keep the active topology predictable and to enhance switch network reliability by enforcing the STP domain borders.
At the global level, BPDU Guard can be enabled on ports that have PortFast enabled by using the ____ default global configuration command. Spanning tree then shuts down interfaces that are in a PortFast operational state when they receive a BPDU.
spanning-tree portfast bpduguard
At the interface level, BPDU Guard can be enabled on an interface by using the ____ interface configuration command without also enabling the PortFast feature. When the interface receives a BPDU, the switch assumes that a problem exists and puts the interface in the error-disabled state.
spanning-tree bpduguard enable
Root Guard
With the Root Guard feature, a Layer 2 interface is set as the designated port, and if any device through this port becomes the root bridge, the interface is placed into the blocked (root-inconsistent) state. The Root Guard feature can be enabled by using the spanning-tree guard root command in interface configuration mode.
EtherChannel Guard
The EtherChannel Guard feature is used to detect EtherChannel misconfigurations between the switch and a connected device.
EtherChannel Guard Command
When the switch detects an EtherChannel misconfiguration, the EtherChannel Guard places the switch interface in the error-disabled state and displays an error message.
The EtherChannel Guard feature can be enabled by using the spanning-tree etherchannel guard misconfig global configuration command.
Loop Guard
The Loop Guard feature provides an additional layer of protection against Layer 2 forwarding loops (STP loops) by preventing alternative or root ports from becoming designated ports because of a failure resulting in a unidirectional link. This feature works best when enabled on all switches across a network. By default, spanning tree does not send BPDUs on root or alternative ports.
Loop Guard Command
The Loop Guard feature can be enabled by using the spanning-tree loopguard default global configuration command.