352-001 · Question #472
In Layer 2 access campus design, which mechanism should be enabled on access ports to protect the campus network from undesired access switches and looped ports?
The correct answer is C. BPDU guard. BPDU guard protects access ports by err-disabling them upon receiving any BPDU, preventing rogue switches and accidental loops from affecting the campus network.
Question
In Layer 2 access campus design, which mechanism should be enabled on access ports to protect the campus network from undesired access switches and looped ports?
Options
- Aroot guard
- BEtherChannel guard
- CBPDU guard
- Dloop guard
How the community answered
(46 responses)- A2% (1)
- B4% (2)
- C91% (42)
- D2% (1)
Why each option
BPDU guard protects access ports by err-disabling them upon receiving any BPDU, preventing rogue switches and accidental loops from affecting the campus network.
Root guard prevents a designated port from accepting a superior BPDU and becoming a root port, protecting root bridge placement rather than blocking unauthorized switch connections on access ports.
EtherChannel guard detects and responds to misconfigured EtherChannel bundles between switches and does not prevent rogue switch connections on individual access ports.
BPDU guard, when enabled on an access port, immediately transitions the port to err-disabled state if any BPDU is received, preventing unauthorized switches from connecting and triggering unwanted spanning-tree topology changes. This is the recommended STP edge-port protection mechanism for ports that should never receive BPDUs, such as end-user-facing access ports in a campus LAN design. It directly addresses both rogue switch attachment and accidental loop creation on access-layer ports.
Loop guard prevents an alternate or root port from transitioning to a forwarding state when BPDUs stop arriving due to a unidirectional link failure, which is unrelated to blocking unauthorized switch connections.
Concept tested: STP BPDU guard on access ports
Source: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10586-65.html
Topics
Community Discussion
No community discussion yet for this question.