The answer should be D. The A enables bpduguard on access ports. We have trunks here. So, loopguard enabled on the trunks will solve the issue.
https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10596-84.html give a good explanation
Enabling "spanning-tree portfast bpduguard" on access ports can help prevent Layer 2 loops by shutting down the port if a BPDU (Bridge Protocol Data Unit) is received on the port. This is a common best practice to ensure that access ports do not participate in creating loops.Enabling "spanning-tree loopguard default" globally on a switch will activate the loop guard feature on all designated ports. Loop guard is used to prevent Layer 2 loops in spanning tree networks by detecting and responding to BPDUs (Bridge Protocol Data Units) that are not received as expected.
However, enabling "spanning-tree loopguard default" across all designated ports may not be the most appropriate action in all situations. It's a broad change that can affect the entire switch, potentially leading to unwanted consequences in certain network setups.
As I understand, there are some cases, when we would enable portfast and bpduguard on trunk links (for instance, when connecting to ESXi server). Good thread:
https://community.cisco.com/t5/switching/enable-bpduguard-on-spanning-tree-portfast-trunk-port-yes-or-no/td-p/2534826
Based on the output, these are two switches that are connected through the affected trunk ports. So, I find loopguard to be the appropriate solution.
https://networklessons.com/spanning-tree/spanning-tree-loopguard-udld
Selected answer is correct.
- Not configured under the interface.
- https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10586-65.html
The loop guard feature is enabled on a per-port basis. However, as long as it blocks the port on the STP level, loop guard blocks inconsistent ports on a per-VLAN basis (because of per-VLAN STP). That is, if BPDUs are not received on the trunk port for only one particular VLAN, only that VLAN is blocked (moved to loop-inconsistent STP state). For the same reason, if enabled on an EtherChannel interface, the entire channel is blocked for a particular VLAN, not just one link (because EtherChannel is regarded as one logical port from the STP point of view).
On which ports should the loop guard be enabled? The most obvious answer is on the blocking ports. However, this is not totally correct. Loop guard must be enabled on the non-designated ports (more precisely, on root and alternate ports) for all possible combinations of active topologies. As long as the loop guard is not a per-VLAN feature, the same (trunk) port might be designated for one VLAN and non-designated for the other. The possible failover scenarios should also be taken into account.
Understanding BPDU Guard
The BPDU guard feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences.
At the global level, you enable BPDU guard on Port Fast-enabled STP ports by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down STP ports that are in a Port Fast-operational state if any BPDU is received on those ports. In a valid configuration, Port Fast-enabled STP ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.
At the interface level, you enable BPDU guard on any STP port by using the spanning-tree bpduguard enable interface configuration command without also enabling the Port Fast feature. When the STP port receives a BPDU, it is put in the error-disabled state.
The BPDU guard feature provides a secure response to invalid configurations because you must manually put the interface back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree.
You can enable the BPDU guard feature for the entire switch or for an interface.
Switch(config)#int gi0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on GigabitEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.
Switch(config-if)#
Switch(config-if)# spanning-tree portfast trunk
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
Switch(config-if)#exit
Switch(config)#spanning-tree portfast bpduguard default
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
OakA1
Highly Voted 3 years, 6 months agoAliMo123
Highly Voted 3 years, 6 months ago[Removed]
3 years, 3 months agoCarl1999
3 years, 2 months agoJStorm01
Most Recent 7 months, 2 weeks agotubirubs
8 months, 2 weeks ago[Removed]
9 months, 1 week agoBTK0311
1 year, 7 months agoridonak230
1 year, 7 months agoHungarianDish_111
1 year, 11 months agoBrand
1 year, 7 months agoSlinky
2 years agoBECAUSE
2 years, 6 months agocyrus777
3 years agocyrus777
3 years agocyrus777
3 years agocyrus777
3 years agocyrus777
3 years agobogd
3 years, 2 months agoCarl1999
3 years, 2 months ago