Spanning Tree Protocol
Here you will find answers to Spanning Tree Protocol Questions
Spanning Tree Protocol IEEE 802.1s defines the ability to deploy which of these?
A. one global STP instance for all VLANs
B. one STP instance for each VLAN
C. one STP instance per set of VLANs
D. one STP instance per set of bridges
The IEEE 802.1s standard is the Multiple Spanning Tree (MST). With MST, you can group VLANs and run one instance of Spanning Tree for a group of VLANs.
Other STP types:
+ Common Spanning Tree (CST), which is defined with IEEE 802.1Q, defines one spanning tree instance for all VLANs.
+ Rapid Spanning Tree (RSTP), which is defined with 802.1w, is used to speed up STP convergence. Switch ports exchange an explicit handshake when they transition to forwarding.
Which two of these are used in the selection of a root bridge in a network utilizing Spanning Tree Protocol IEEE 802.1 D? (Choose two)
A. Designated Root Cost
B. bridge ID priority
C. max age
D. bridge ID MAC address
E. Designated Root Priority
F. forward delay
Answer: B D
The IEEE 802.1 standard (STP) is used to create a loop-free Layer 2 network. This protocol uses the bridge ID (a field inside BPDU packets) to elect root bridge. It is 8 bytes in length. The first two bytes are the Bridge Priority, which is an integer in the range of 0 – 65,535 (default is 32,768). The last six bytes are a MAC address supplied by the switch.
In STP, lower bridge ID values are preferred. To compare two bridge IDs, the priority is compared first. If two bridges have equal priority, then the MAC addresses are compared. For example, if switch A (MAC=0600.0000.1111) and B (MAC=0600.0000.2222) both have a priority of 10, then switch A will be selected as the root bridge because it has lower MAC.
If a port configured with STP loop guard stops receiving BPDUs, the port will be put into which state?
A. learning state
B. listening state
C. forwarding state
D. root-inconsistent state
Loop Guard protects a switch trunk port from causing loops. It prevents switch ports from wrongly moving from a blocking to a forwarding state when a unidirectional link exists in the network.
Unidirectional links are simply links for which one of the two transmission paths on the link has failed, but not both. This can happen as a result of miscabling, cutting one ﬁber cable, unplugging one ﬁber or other reasons.
Let’s consider an example.
The network consists of 3 switches without Loop Guard feature. Switch 1 is the root switch. A port on Switch 3 is in blocking state, other ports are forwarding normally.
Suppose that Switch 3 does not receive BPDUs (Hellos) from Switch 2 due to unidirectional link failure on the link between switch 2 and switch 3. Switch 3 then transitions to forwarding state, and now all trunks on all switches are forwarding. Well, we have a loop!
With Loop Guard feature turned on, the blocking port on switch 3 will not transition to forwarding state but will fall into an STP loop-inconsistent state (same as blocking state).
(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml & CCIE Routing and Switching Official Exam Certification)
What is the purpose of the STP PortFast BPDU guard feature?
A. enforce the placement of the root bridge in the network
B. ensure that a port is transitioned to a forwarding state quickly if a BPDU is received
C. enforce the borders of an STP domain
D. ensure that any BPDUs received are forwarded into the STP domain
By default, STP runs on all ports on a switch but most of these ports are connected to an end-user device (printers, PCs, servers). Suppose that someone turns off the PC and then turns on, it will take up to 50 seconds before the port transits to the forwarding state and can be usable (15 seconds for Listening to Learning, and 15 seconds for Learning to Forwarding and if that port is running Port Aggregation Protocol (PAgP) to negotiate EtherChannel conﬁguration, an additional 20-second delay can occur).
Therefore the STP PortFast feature is used to allow immediate transition of the port into forwarding state. Notice that PortFast is for access (user) ports only. It causes the port to bypass the STP listening and learning states and transition directly to forwarding. However, Spanning-tree loop detection is still in operation and the port moves into the Blocking state if a loop is ever detected on the port.
But there is an issue with PortFast feature. For example, if we connect a switch to a PortFast port, the loop can occur or this new switch can make the STP block important ports if it takes over the root bridge function.
This situation can be prevented with the BPDU guard feature. This feature disables (shuts down) the port as soon as the switch receives the STP BPDU from the port which has been configured with BPDU guard, placing it in the errdisable
The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders and keep the active topology predictable. The devices behind the ports that have STP PortFast enabled are not able to influence the STP topology.
When STP UplinkFast is enabled on a switch utilizing the default bridge priority, what will the new bridge priority be changed to?
The STP UplinkFast is used to fast switchover to alternate ports when the root port fails. When STP UplinkFast is enabled on a switch utilizing the default bridge priority (32768), the new bridge priority will be changed to 49152. The reason for the priority being raised is to prevent the switch from becoming the root (recall that lower bridge priority is preferred). To enable UplinkFast feature, use the “set spantree uplinkfast enable” in privileged mode
The set spantree uplinkfast enable command has the following results:
+ Changes the bridge priority to 49152 for all VLANs (allowed VLANs).
+ Increases the path cost and portvlancost of all ports to a value greater than 3000.
+ On detecting the failure of a root port, an instant cutover occurs to an alternate port selected by Spanning Tree Protocol (without using this feature, the network will need about 30 seconds to re-establish the connection.
The classic Spanning Tree Protocol (802.1 D 1998) uses which sequence of variables to determine the best received BPDU?
A. 1) lowest root bridge id, 2) lowest sender bridge id, 3) lowest port id, 4) lowest root path cost
B. 1) lowest root path cost, 2) lowest root bridge id, 3) lowest sender bridge id, 4) lowest sender port id
C. 1) lowest root bridge id, 2) lowest sender bridge id, 3) lowest root path cost 4) lowest sender port id
D. 1) lowest root bridge id, 2) lowest root path cost, 3) lowest sender bridge id, 4) lowest sender port id
The parts of a BPDU are:
* Root BID – This is the BID of the current root bridge.
* Path cost to root bridge – This determines how far away the root bridge is. For example, if the data has to travel over three 100-Mbps segments to reach the root bridge, then the cost is (19 + 19 + 0) 38. The segment attached to the root bridge will normally have a path cost of zero.
* Sender BID – This is the BID of the switch that sends the BPDU.
* Port ID – This is the actual port on the switch that the BPDU was sent from.
Which three port states are used by RSTP 802.1w? (Choose three)
Answer: B C E
Rapid Spanning Tree (RSTP) 802.1w is a standards-based, non-proprietary way of speeding STP convergence. Switch ports exchange an explicit handshake when they transition to forwarding. RSTP describes different port states than regular STP as described below:
|STP Port State||Equivalent RSTP Port State|
Refer to the exhibit. In the diagram, the switches are running IEEE 802.1s MST. Which ports are in the MST blocking state?
A. GE-1/2 and GE 2/1
B. GE-1/1 and GE-2/2
C. GE-3/2 and GE 4/1
D. no ports are in the blocking state
E. There is not enough information to determine which ports are in the blocking state.
All these four switches are running MST and they are load-balancing. Dist-1 is the root bridge of VLANs 20 & 120 while Dist-2 is the root bridge of VLANs 40 & 140.
For VLANs 20, 120 switch Dist-1 is the root bridge so GE-4/1 & GE-4/2 links of Dist-2 are blocked:
For VLANs 40, 140 switch Dist-2 is the root bridge so GE-3/1 & GE-3/2 links of Dist-1 are blocked:
But notice that there are no ports in blocking state although some ports are blocked for specific VLANs. Remember that the blocking state in MST switch means that the port is blocked for all VLANs.
Refer to the exhibit. In the diagram, the switches are running IEEE 802.1w RSTP. On which ports should root guard be enabled in order to facilitate deterministic root bridge election under normal and failure scenarios?
A. GE-3/1, GE-3/2
B. FE-2/1, FE-3/2
C. GE-1/1, GE-1/2
D. GE-4/1, GE-4/2
E. GE-2/1, GE-2/2
F. GE-3/1, GE-3/2, GE-4/1, GE-4/2, FE-2/1, FE-3/2
Root Guard is a Cisco-specific feature that prevents a Layer 2 switched port from becoming a root port. It is enabled on ports other than the root port and on switches other than the root. If a Root Guard port receives a BPDU that might cause it to become a root port, then the port is put into “root-inconsistent” state and does not pass traffic through it. If the port stops receiving these BPDUs, it automatically re-enables itself.
This feature is sometimes recommended on aggregation layer ports that are facing the access layer, to ensure that a configuration error on an access layer switch cannot cause it to change the location of the spanning tree root switch (bridge) for a given VLAN or instance. Below is a recommended port’s features should be enabled in a network.
The port FE-2/1 & FE-3/2 should be turned on the Root Guard feature because hackers can try to plug these ports into other switches or try to run a switch-simulation software on these PCs. Imagine a new switch that is introduced into the network with a bridge priority lower than the current root bridge. In a normal STP operation, this new bridge can become the new Root Bridge and disrupt your carefully designed network. The recommended design is to enable Root Guard on all access ports so that a root bridge is not established through this port.
Note: The Root Guard affects the entire port. Therefore it applies to all VLANs on that port. To enable this feature, use the following command in interface configuration:
Switch(config-if)# spanning-tree guard root
Loop guard and UniDirectional Link Detection both protect against Layer 2 STP loops. In which two ways does loop guard differ from UDLD in loop detection and prevention? (Choose two)
A. Loop guard can be used with root guard simultaneously on the same port on the same VLAN while UDLD cannot.
B. UDLD protects against STP failures caused by cabling problems that create one-way links.
C. Loop guard detects and protects against duplicate packets being received and transmitted on different ports.
D. UDLD protects against unidirectional cabling problems on copper and fiber media.
E. Loop guard protects against STP failures caused by problems that result in the loss of BPDUs from a designated switch port.
Answer: B E