PrepAway - Latest Free Exam Questions & Answers

Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree top

Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of a network?

PrepAway - Latest Free Exam Questions & Answers

A.
BPDU guard can guarantee proper selection of the root bridge.

B.
BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.

C.
BPDU guard can be utilized to prevent the switch from transmitteing BPDUs and incorrectly altering the root bridge election.

D.
BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.

Explanation:

As long as a port participates in STP, some device can assume the root bridge function and affect active STP topology. To assume the root bridge function, the device would be attached to the port and would run STP with a lower bridge priority than that of the current root bridge. If another device assumes the root bridge function in this way, it renders the network suboptimal. This is a simple form of a denial of service (DoS) attack on the network. The temporary introduction and subsequent removal of STP devices with low (0) bridge priority cause a permanent STP recalculation. The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders and keep the active topology predictable. The devices behind the ports that have STP PortFast enabled are not able to influence the STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console.
Reference: Spanning Tree PortFast BPDU Guard Enhancement

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml


Leave a Reply