352-001 · Question #325
Acme Corporation wants to minimize the risk of users plugging unauthorized switches and hubs into the network. Which two features can be used on the LAN access ports to support this design requirement
The correct answer is A. BPDU Guard D. Port Security. BPDU Guard detects unauthorized switches via their BPDUs and err-disables the port, while Port Security limits MAC addresses to block hubs and switches introducing multiple hosts.
Question
Acme Corporation wants to minimize the risk of users plugging unauthorized switches and hubs into the network. Which two features can be used on the LAN access ports to support this design requirement? (Choose two.)
Options
- ABPDU Guard
- BPortFast
- CLoop Guard
- DPort Security
- EUDLD
How the community answered
(31 responses)- A90% (28)
- C3% (1)
- E6% (2)
Why each option
BPDU Guard detects unauthorized switches via their BPDUs and err-disables the port, while Port Security limits MAC addresses to block hubs and switches introducing multiple hosts.
BPDU Guard shuts down an access port the moment a BPDU is received, immediately detecting when an unauthorized switch or bridge has been plugged in and isolating it from the STP domain.
PortFast only accelerates STP port state transitions so end devices come online faster; it provides no mechanism to detect or block unauthorized switches or hubs.
Loop Guard protects against unidirectional link failures that could create STP forwarding loops by monitoring BPDU receipt; it has no capability to detect or block unauthorized device connections.
Port Security restricts the number of learned MAC addresses on a port, triggering a violation action when a hub or unmanaged switch introduces multiple source MAC addresses beyond the configured maximum.
UDLD detects physical-layer unidirectional link failures by monitoring echo replies between neighbors; it does not identify or restrict unauthorized switches or hubs connected to access ports.
Concept tested: LAN access port security against unauthorized switches and hubs
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html
Topics
Community Discussion
No community discussion yet for this question.