STP Questions
Quick review about BPDUGuard & BPDUFilter: BPDU Guard feature allows STP to shut an access port in the event of receiving a BPDU and put that port into err-disabled state. BPDU Guard is configured under an interface via this command: Switch(config-if)#spanning-tree bpduguard enable Or configured globally via this command (BPDU Guard is enabled on all PortFast interfaces): Switch(config)#spanning-tree portfast edge bpduguard default BPDUFilter is designed to suppress the sending and receiving of BPDUs on an interface. There are two ways of configuring BPDUFilter: under global configuration mode or under interface mode but they have subtle difference. If BPDUFilter is configured globally via this command: Switch(config)#spanning-tree portfast bpdufilter default BPDUFilter will be enabled on all PortFast-enabled interfaces and will suppress the interface from sending or receiving BPDUs. This is good if that port is connected to a host because we can enable PortFast on this port to save some start-up time while not allowing BPDU being sent out to that host. Hosts do not participate in STP and hence drop the received BPDUs. As a result, BPDU filtering prevents unnecessary BPDUs from being transmitted to host devices. If BPDUFilter is configured under interface mode like this: Switch(config-if)#spanning-tree bpdufilter enable It will suppress the sending and receiving of BPDUs. This is the same as disabling spanning tree on the interface. This choice is risky and should only be used when you are sure that port only connects to host devices. |
Question 1
Explanation
The purpose of Port Fast is to minimize the time interfaces must wait for spanning-tree to converge, it is effective only when used on interfaces connected to end stations.
Question 2
Question 3
Explanation
SW1 needs to block one of its ports to SW2 to avoid a bridging loop between the two switches. Unfortunately, it blocked the fiber port Link2. But how does SW2 select its blocked port? Well, the answer is based on the BPDUs it receives from SW1. A BPDU is superior than another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
These four parameters are examined in order. In this specific case, all the BPDUs sent by SW1 have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). And the port index of Gi0/0 is lower than the port index of Gi0/1 so Link 1 has been chosen as the primary link.
Therefore we must change the port priority to change the primary link. The lower numerical value of port priority, the higher priority that port has. In other words, we must change the port-priority on Gi0/1 of SW1 (not on Gi0/1 of SW2) to a lower value than that of Gi0/0.
Question 4
Explanation
Where to Use MST
This diagram shows a common design that features access Switch A with 1000 VLANs redundantly connected to two distribution Switches, D1 and D2. In this setup, users connect to Switch A, and the network administrator typically seeks to achieve load balancing on the access switch Uplinks based on even or odd VLANs, or any other scheme deemed appropriate.
Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24248-147.html
Question 5
Explanation
From the second command output (show spanning-tree mst) we learn that MST1 includes VLANs 10 & 20. Therefore if we want DSW1 to become root bridge for these VLANs we need to set the MST 1 region to root -> The command “spanning-tree mst 1 root primary” can do the trick. In fact, this command runs a macro and sets the priority lower than the current root.
Also we can see the current root bridge for these VLANs has the priority of 32769 (default value + sysid) so we can set the priority of DSW1 to a specific lower value. But notice that the priority must be a multiple of 4096. Therefore D is a correct answer.
Question 6
Explanation
In the topology above, we see DSW2 has lowest priority 24576 so it is the root bridge for VLAN 10 so surely all traffic for this VLAN must go through it. All of DSW2 ports must be in forwarding state.
The next thing we have to figure out is which port of ALSW1 would be chosen as root port as traffic must go via this port. The root port is chosen via the following sequence of three conditions:
1. Lowest accumulated cost on interfaces towards Root Bridge
2. Lowest Sender Bridge ID
3. Lowest Sender Port ID (= Port Priority + Port Number)
Let’s start with the first condition: Lowest accumulated cost on interfaces towards Root Bridge. This question did not mention about which method that STP is using (short or long method) so we will suppose the default, which is short method, is used. With this method, the STP cost of 10Gbps is 2 while the STP cost of 1Gbps is 4.
Therefore the path cost from DSW2 to ALSW1
+ via DSW2 -> DSW1 -> ALSW1 is 2 + 2 = 4 and
+ the path cost from DSW2 -> ALSW1 (direct link) is 4, too
-> The first condition is equal so we have to use the second one: Lowest Sender Bridge ID
In this condition, the direct path DSW2 -> ALSW1 wins because the sender Bridge ID of DSW2 is lower.
Therefore ALSW1 will choose Gi0/2 the root port and the link between ALSW1 and DSW1 is blocked by STP to prevent loop.
Therefore PC1 must go via this path: PC1 -> ALSW1 -> DSW2 -> DSW1.
Question 7
Explanation
Root guard does not allow the port to become a STP root port, so the port is always STP-designated. If a better BPDU arrives on this port, root guard does not take the BPDU into account and elect a new STP root. Instead, root guard puts the port into the root-inconsistent STP state which is equal to a listening state. No traffic is forwarded across this port.
Below is an example of where to configure Root Guard on the ports. Notice that Root Guard is always configure on designated ports.
To configure Root Guard use this command:
Switch(config-if)# spanning-tree guard root
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html
Question 8
For question 3.
Refer to the exhibit. Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.
Which command should be entered on the ports that are connected to Link2 to resolve the issue?
A. Enter spanning-tree port-priority 4 on SW2
B. Enter spanning-tree port-priority 224 on SW1
C. Enter spanning-tree port-priority 64 on SW2wrong
D. Enter spanning-tree port-priority 32 on SW1
The correct answer is stated is D.
I think there’s some error on the question? As on the exhibit the SW1 is the root bridge, therefore all ports on the SW1 is designated(FWD) and no further config is needed on the SW1’s end. On the other side SW2, needs to block one of it’s ports going to the root bridge, and it is via the ff:
1. A lower path cost to the Root –> Tie, based on the show spanning-tree command both ports to the root bridge(SW1) has the same cost of 4.
2. A lower Root Bridge ID –> Tie as both interfaces are pointing to the same SW (SW1) = same bridge ID.
3. A lower Sending Port Priority/ID –> Which is by default makes the link1 via G0/0 on SW2 the forwarding port as it has the lower port ID advertised by SW1 (G0/0).
The question states that “An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.”
^Wouldn’t this command already makes the interface G0/1 the forwarding port as it has the lower port-priority (32) compared to the G0/0 (120)?
It seems there is some confusion on this question itself. Or maybe someone can correct me if my understanding is wrong.
Thanks!
@LTZY: The answer is already stated: SW1 is root bridge for VLAN10. SW2 is not the root bridge as result of “show spanning-tree”
SW1 needs to block one of its ports to SW2 to avoid a bridging loop between the two switches. Unfortunately, it blocked the fiber port Link2 (because of port index gi0/1 is higher than gi0/0). But how does SW2 select its blocked port? Well, the answer is based on the BPDUs it receives from SW1. A BPDU is superior than another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
Q 7 – answer B does not “explicitly configure a switch as the root bridge”, it only protects switch from further superior BPDUs so D is correct.
PacMan, as per the document provided below Q7:
” Note: The administrator can set the root bridge priority to 0 in an effort to secure the root bridge position. But there is no guarantee against a bridge with a priority of 0 and a lower MAC address.
The root guard feature provides a way to enforce the root bridge placement in the network. ”
So the answer is correct and is B
@ez0p4o Thank you for clarifying, i also thought the answer was setting the Priority to 0.
Question 6 – the diagram shows the links from DSW2 to the two ALSW switches as being 1 Gbps while all other links are 10 Gbps. Shouldn’t that make ALSW1’s root port Gi0/1 and Gi0/2 in blocking state? I have access to an EVE lab and labbed it up and that’s how it works in my lab.
About Q7:
Answer A is meningless because 32768 is the default priority on any switch.
Answer B mentions access-ports with portfast. In my understanding access ports do not relate to downstream switches. After all the question is talking about a 3-tier architecture, which means trunks between switches. Root Guard must be applied on switch-to-switch ports to have any effect towards the desired result.
Answer C is talking about BPDU guard applied on switch-to-switch ports, but BPDU guard works on Access ports with Portfast (and trunks connected to Servers) and will disable the port upon receipt of any BPDU (not only a superior one) therefore blocking communication in any case, so this is not acceptable as well.
I believe that D is the better answer, and it is the only one that explicity configures the switch as a root bridge.
@Digitaltut – Please review the correct answer again
Q6:
Answer A and D could be correct. Depending if they using the short or the long cost for a port and they don’t have changed the port costs.
With short cost the 1 Gig connection have a cost of 4 and the 10 Gig a cost of 2. That would mean the cost from ALSW1 to Root would be 4 and the cost from ALSW1 over DSW1 to Root would be also 4 (2x 10Gig = 4). In this case the lower bridge ID wins.
If they using the long cost, the cost for 1Gig is 20000 and for 10 Gig 2000. That would mean the ALSW1 to Root path cost 20000 and the ALSW1 over DSW1 to Root would have a cost of 4000. In this case the 10 Gig connection would win.
By default the switches should use the short cost, but can someone find any hint the graphic that they using long cost?
Q1: What is the primary effect of the spanning-tree portfast command?
A. It enables BPDU messages
B. It minimizes spanning-tree convergence time
C. It immediately puts the port into the forwarding state when the switch is reloaded
D. It immediately enables the port in the listening state
Why is “C” incorrect?
Q6:
ALSW1 must choice a root port. It is receiving BPDUs via G0/1 and G0/2 from the root bridge DSW2.
The cost scheme “short” is used by default.
The BPDU DSW2 -> DSW1 -> ALSW1 has a cost 2+2=4
The BPDU DSW2 -> ALSW1 has a cost 4 too.
So ALSW1 must compare BridgeID.
The BridgeID of DSW1 is 001b.xxxx
The BridgeID of DSW2 is 0018.xxxx and it is LOWER than the BridgeID of DSW1
So the root port will be only G0/2 and the answer “A” is INCORRECT.
The way from PC1 to DSW1 is ALSW1 -> DSW2 -> DSW1. Answer “D”!
@werewolf
Q1:We are used to thinking that portfast makes the access port come up quicker but the cisco material explicitly says “An interface with Port Fast enabled goes through the normal cycle of spanning-tree status changes when the switch is restarted.” The less obvious implication is that it still is quicker when the single interface transitions from down to up rather than the whole switch.
Q1 – if you follow the link you provide for this question it states ” Port Fast immediately brings an interface configured as an access or trunk port to the forwarding state” so shouldn’t the answer be “C”?
@Yubi Q1
Read further into Cisco’s doc. The key word in answer “C” is when the switch is reloaded.
“An interface with Port Fast enabled goes through the normal cycle of spanning-tree status changes when the switch is restarted.”
No picture at question 6 Root_Bridge.jpg
Picture on question 6 is corrupted here in this page, but in the quiz page is working fine:
https://www.digitaltut.com/stp-quiz
@digitaltut please fix that
@Ellie, @YourFriendlyNeighboorhoodSpiderMan: Thank you for your information, we fixed the corrupted image in Q6!
Q 5 Why you chose D (Aspanning-tree mstp 1 priority 4096)
I suppose A is the valid answer i.e. (spanning-tree mstp 1 priority 0)
Q3 is complete crap.
It is not seen what is the Prio.Nbr in SW1. It is clear the command must be in SW1 since it is the root bridge. So answers must be either A or B.
Since B is worse than A, then A is correct, but not because of the explanation provided.
Question 6:
I understand why DSW2 is the root bridge and why ALSW sends traffic through it’s root port Gi0/2, but why does DSW2 send traffic to DSW1 and not directly to the Core? Seems like an unnecessary extra hop.
Not so sure about Q7:
THe nswer must be root guard not a priority setting to protect from another switch with same priority.
Unless the question has been copied inaccurately B cant be correct.
B. Configure root guard and portfast on all access switch ports.
You need root guard on all ports facing downstream switches, if you configured root guard on all access switch ports this would prevent the access switches from seeing the core as root would it not?
D is open to interpretation as root guard could be configured on all links but only in the right direction so it seems like a reasonable but imperfect answer