Cisco
400-007 · Question #35
400-007 Question #35: Real Exam Question with Answer & Explanation
The correct answer is D: BPDU Guard should be enabled on all VTEP access ports. VXLAN is a pure encapsulation technology with no native Layer 2 loop prevention, so BPDU Guard must be enabled on VTEP access ports to err-disable any port where a switch is connected and could introduce a loop.
Question
Your company wants to deploy a new data center infrastructure. Based on the requirements, you have chosen VXLAN as the encapsulation technology. The customer is concerned about misconfiguration of Layer 2 devices and DC-wide outages caused by Layer 2 loops. What do you answer?
Options
- A. VXLAN offers native loop avoidance mechanism
- B. Storm Control should be enabled on all ports
- C. VPC+ could prevent L2 loop on access ports
- D. BPDU Guard should be enabled on all VTEP access ports
Explanation
VXLAN is a pure encapsulation technology with no native Layer 2 loop prevention, so BPDU Guard must be enabled on VTEP access ports to err-disable any port where a switch is connected and could introduce a loop.
Common mistakes.
- A. VXLAN is a MAC-in-UDP encapsulation protocol and does not include any native loop avoidance mechanism - loop prevention must be provided by external mechanisms such as STP features or EVPN control plane.
- B. Storm Control rate-limits broadcast or multicast traffic after a loop has already formed, but it does not prevent the loop itself - the network can still degrade significantly before the threshold is triggered.
- C. VPC+ (Virtual Port Channel Plus) is a Cisco Nexus-specific multi-homing feature for port-channel redundancy and does not provide general Layer 2 loop prevention across all VTEP access ports in the fabric.
Concept tested. BPDU Guard for loop prevention on VXLAN VTEP access ports
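To check that the recommendation in answer D actually holds on a leaf switch, the following added example (not part of the original question or of any Cisco tool) audits an NX-OS-style configuration for access ports where a received BPDU would not err-disable the port. The sample configuration is constructed, the function names are hypothetical, and identifying access ports by `switchport mode access` or `switchport access vlan` is a simplifying assumption.

```python
# Constructed sample of an NX-OS-style leaf (VTEP) config; not taken from the page.
SAMPLE_CONFIG = """\
spanning-tree port type edge bpduguard default
interface Ethernet1/1
  switchport mode access
  spanning-tree port type edge
interface Ethernet1/2
  switchport mode access
  switchport access vlan 10
interface Ethernet1/3
  switchport access vlan 20
  spanning-tree bpduguard enable
interface Ethernet1/4
  switchport mode access
  spanning-tree port type edge
  spanning-tree bpduguard disable
interface Ethernet1/49
  no switchport
"""

def parse_interfaces(config):
    """Split a config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split()[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(raw.strip())
        else:  # any other unindented line ends the interface block
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces

def unprotected_access_ports(config):
    """Return access ports where a received BPDU would not err-disable the port."""
    global_lines, interfaces = parse_interfaces(config)
    edge_default = "spanning-tree port type edge bpduguard default" in global_lines
    findings = []
    for name, cmds in interfaces.items():
        if not any(c.startswith(("switchport mode access", "switchport access vlan")) for c in cmds):
            continue  # routed uplinks and trunks are out of scope for this check
        explicit_off = "spanning-tree bpduguard disable" in cmds
        explicit_on = "spanning-tree bpduguard enable" in cmds
        inherited = edge_default and "spanning-tree port type edge" in cmds  # default covers edge ports only
        if explicit_off or not (explicit_on or inherited):
            findings.append(name)
    return findings
```

On the sample, Ethernet1/2 is flagged because the global default only applies to ports typed as edge, and Ethernet1/4 because an interface-level disable overrides that default.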