Which two statements about BPDU guard are true? (Choose two.)
A.
The global configuration command spanning-tree portfast bpduguard default shuts down
interfaces that are in the PortFast-operational state when a BPDU is received on that port.
B.
The interface configuration command spanning-tree portfast bpduguard enable shuts down only
interfaces with PortFast enabled when a BPDU is received.
C.
BPDU guard can be used to prevent an access port from participating in the spanning tree in the
service provider environment.
D.
BPDU guard can be used to protect the root port.
E.
BPDU guard can be used to prevent an invalid BPDU from propagating throughout the network.
Answer: A & C
0
0
C is wrong (BPDU filter can, BPDU guard can’t).
A and B are right.
0
0
Sorry Scooby –
A & B
The BPDU guard feature can be globally enabled on the switch or can be enabled per port, but the feature operates with some differences.
At the global level, you enable BPDU guard on Port Fast-enabled ports by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down ports that are in a Port Fast-operational state if any BPDU is received on them. In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port means an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state. When this happens, the switch shuts down the entire port on which the violation occurred.
To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
At the interface level, you enable BPDU guard on any port by using the spanning-tree bpduguard enable interface configuration command without also enabling the Port Fast feature . When the port receives a BPDU, it is put in the error-disabled state.
The BPDU guard feature provides a secure response to invalid configurations because you must manually put the interface back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swstpopt.html#pgfId-1095752
0
0
Scooby is correct…A & C
here is why – B uses the word “only” in reference to portfast. BPDU guard can be enabled withOUT portfast.
0
0
B is wrong as there is no “spanning-tree portfast bpduguard enable” interface command.
it’s only “spanning-tree bpduguard enable”
0
0