Back to Dashboard
Module 23
Advanced STP Features
β Previous Module
Next Module β
# π CCNA 200-301 - Video 23: Advanced STP Features ## Deep Study Notes --- ## π Learning Objectives By the end of this video, you should understand: - PortFast and its purpose - BPDU Guard and BPDU Filter - UplinkFast and its operation - BackboneFast and its operation - Loop Guard and Root Guard - When and how to use each feature --- ## π§ Core Concepts ### 1. STP Limitations **Standard STP Convergence Time:** 30-50 seconds | State | Duration | |-------|----------| | Blocking β Listening | 20 sec (Max Age) | | Listening β Learning | 15 sec (Forward Delay) | | Learning β Forwarding | 15 sec (Forward Delay) | | **Total** | **50 seconds** | **Problem:** When a device connects to a switch port (like a PC), it takes 30-50 seconds to start forwarding traffic. Users experience delays every time they connect. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β STANDARD STP DELAY ON ACCESS PORT β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β PC connects to switch port β β β β β βΌ β β Port enters BLOCKING (20 sec) β β β β β βΌ β β Port enters LISTENING (15 sec) β β β β β βΌ β β Port enters LEARNING (15 sec) β β β β β βΌ β β Port enters FORWARDING (after 50 seconds) β β β β β βΌ β β User can finally use network! β β β β PROBLEM: 50 seconds is too long for end users! β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` --- ### 2. PortFast **Definition:** PortFast is a Cisco feature that immediately transitions an access port from blocking to forwarding state, bypassing the listening and learning states. **Analogy:** PortFast is like a dedicated express lane at an airport. Regular passengers wait in line (STP states), but VIPs (end devices) go straight through. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β PORTFAST β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β WITHOUT PORTFAST: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β PC Connected β Blocking (20s) β Listening (15s) β Learning (15s) β β β β β Forwarding (after 50s) β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β WITH PORTFAST: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β PC Connected β Forwarding (immediately) β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β WHEN TO USE: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β Access ports connected to end devices (PCs, printers, servers) β β β β β Ports that will NEVER connect to switches β β β β β Trunk ports (can cause loops) β β β β β Ports connected to other switches β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **PortFast Configuration:** ```cisco ! Configure PortFast on a single interface Switch(config)# interface fastEthernet 0/1 Switch(config-if)# spanning-tree portfast ! Configure PortFast globally (applies to all access ports) Switch(config)# spanning-tree portfast default ! Verify PortFast Switch# show spanning-tree interface fastEthernet 0/1 ! Example output: ! Interface Fa0/1 (port 1) in Spanning tree 1 is FORWARDING ! Port path cost 19, Port priority 128, Port Identifier 128.1. ! Designated root has priority 32768, address 001a.2b3c.4d5e ! Designated bridge has priority 32768, address 001a.2b3c.4d5e ! Designated port id is 128.1, designated path cost 0 ! Timers: message age 0, forward delay 0, hold 0 ! Number of transitions to forwarding state: 1 ! BPDU sent 0, received 0 ! The port is in the portfast mode ``` --- ### 3. BPDU Guard **Definition:** BPDU Guard is a security feature that disables (errdisable) a port if a BPDU is received on a PortFast-enabled port. **Purpose:** Prevents loops by ensuring that no switch is accidentally connected to a port that is supposed to be for end devices only. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β BPDU GUARD β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β NORMAL OPERATION (End Device Connected): β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β PC connected β PortFast enabled β No BPDU received β Port stays up β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β IF SWITCH ACCIDENTALLY CONNECTED: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β Switch connected β PortFast enabled β BPDU received β β β β β BPDU Guard triggers β Port goes into errdisable state β β β β β Loop prevented! β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **BPDU Guard Configuration:** ```cisco ! Configure BPDU Guard on a single interface Switch(config)# interface fastEthernet 0/1 Switch(config-if)# spanning-tree bpduguard enable ! Configure BPDU Guard globally (applies to all PortFast ports) Switch(config)# spanning-tree portfast bpduguard default ! Recover from errdisable state Switch# show interfaces status | include errdisable Switch# errdisable recovery cause bpduguard Switch# errdisable recovery interval 300 ! Auto-recover after 300 seconds ! Manual recovery Switch(config)# interface fastEthernet 0/1 Switch(config-if)# shutdown Switch(config-if)# no shutdown ``` **BPDU Guard vs. PortFast Relationship:** | PortFast | BPDU Guard | Result | |----------|------------|--------| | Disabled | Disabled | Normal STP operation | | Enabled | Disabled | PortFast active, BPDUs ignored | | Enabled | Enabled | PortFast active, port errdisables if BPDU received | --- ### 4. BPDU Filter **Definition:** BPDU Filter prevents the switch from sending or receiving BPDUs on a port. **Analogy:** BPDU Filter is like putting a soundproof wall around the port. No STP messages can get in or out. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β BPDU FILTER β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β Global BPDU Filter: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Applies to all PortFast ports β β β β β’ Prevents BPDU transmission AND reception β β β β β’ DANGEROUS: Can create loops! β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β Interface BPDU Filter: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Applies to specific interface β β β β β’ Same behavior - no BPDUs sent or received β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β WARNING: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β BPDU Filter is DANGEROUS! β β β β β’ If a switch is connected, loops can form β β β β β’ No STP protection β β β β β’ Use BPDU Guard instead unless you have a specific reason β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **BPDU Filter Configuration:** ```cisco ! Interface-level BPDU Filter Switch(config)# interface fastEthernet 0/1 Switch(config-if)# spanning-tree bpdufilter enable ! Global BPDU Filter (applies to all PortFast ports) Switch(config)# spanning-tree portfast bpdufilter default ! Verify Switch# show spanning-tree interface fastEthernet 0/1 detail ``` --- ### 5. UplinkFast **Definition:** UplinkFast is a Cisco proprietary feature that accelerates the failover time for a switch that has lost its root port. **Use Case:** Access layer switches with redundant uplinks to distribution switches. **Analogy:** UplinkFast is like having a backup generator that automatically starts when the main power fails. It takes only seconds instead of minutes. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β UPLINKFAST β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β WITHOUT UPLINKFAST: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β Root Bridge β β β β (Distribution) β β β β β² β² β β β β β β β β β β Primaryβ βBackup β β β β β β β β β β ββββββ΄βββββ΄βββββ β β β β β Access Switchβ β β β β β RP (Active) β β β β β β AP (Blocked) β β β β β ββββββββββββββββ β β β β β β β β Primary fails β STP reconvergence: 30-50 seconds β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β WITH UPLINKFAST: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β Root Bridge β β β β (Distribution) β β β β β² β² β β β β β β β β β β Primaryβ βBackup β β β β β β β β β β ββββββ΄βββββ΄βββββ β β β β β Access Switchβ β β β β β RP (Active) β β β β β β AP (Blocked) β β β β β ββββββββββββββββ β β β β β β β β Primary fails β UplinkFast: 2-4 seconds β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **How UplinkFast Works:** 1. Switch detects root port failure 2. Switch immediately unblocks the alternate port 3. Switch preloads MAC addresses to the alternate port 4. New root port becomes active in seconds (not 30-50 seconds) **UplinkFast Configuration:** ```cisco ! Enable UplinkFast globally Switch(config)# spanning-tree uplinkfast ! UplinkFast with rate (skips max age) Switch(config)# spanning-tree uplinkfast max-update-rate 200 ! Verify Switch# show spanning-tree summary | include UplinkFast ! Output: UplinkFast is enabled ``` **UplinkFast Effects:** - Increases bridge priority to 49152 (to prevent becoming root) - Automatically sets all ports to PortFast for faster recovery - Only works on switches with at least one blocked port --- ### 6. BackboneFast **Definition:** BackboneFast is a Cisco proprietary feature that accelerates STP convergence when a switch loses connectivity to the root bridge. **Use Case:** Core and distribution switches in a hierarchical network. **Analogy:** BackboneFast is like having a bypass route when the main highway is closed. Traffic finds an alternative path quickly. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β BACKBONEFAST β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β WITHOUT BACKBONEFAST: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β β β Root Bridge βββ Switch A βββ Switch B β β β β β β β β β β ββββββββ¬ββββββ β β β β β β β β β Switch C β β β β β β β β If link Root β Switch A fails: β β β β β’ Switch A must wait for Max Age (20 sec) before re-electing β β β β β’ Total convergence: 50 seconds β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β WITH BACKBONEFAST: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β β β Root Bridge βββ Switch A βββ Switch B β β β β β β β β β β ββββββββ¬ββββββ β β β β β β β β β Switch C β β β β β β β β If link Root β Switch A fails: β β β β β’ Switch A receives RLQ (Root Link Query) from Switch B β β β β β’ Switch A determines root is unreachable via BPDU β β β β β’ Switch A starts alternative path immediately β β β β β’ Total convergence: < 10 seconds β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **How BackboneFast Works:** 1. Switch detects potential root path failure (receives inferior BPDU) 2. Switch sends RLQ (Root Link Query) to neighbors 3. If root is unreachable, switch bypasses Max Age timer 4. Switch immediately transitions to new root path **BackboneFast Configuration:** ```cisco ! Enable BackboneFast globally (must be enabled on all switches) Switch(config)# spanning-tree backbonefast ! Verify Switch# show spanning-tree summary | include BackboneFast ! Output: BackboneFast is enabled ``` --- ### 7. Root Guard **Definition:** Root Guard prevents a port from becoming a root port. If a BPDU with a better bridge ID is received, the port is placed in root-inconsistent state. **Purpose:** Ensures that the designated root bridge remains the root, preventing rogue switches from taking over. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β ROOT GUARD β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β NORMAL OPERATION: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β β β Root Bridge (Desired) Switch A (Root Guard enabled) β β β β β² β β β β β β β β β β β Superior BPDU (good) β β β β β β β β β β βΌ β β β β Rogue Switch β β β β (trying to become root) β β β β β β β β If rogue switch sends superior BPDU: β β β β β’ Port goes into root-inconsistent (blocked) β β β β β’ Root remains the desired root β β β β β’ Network stability maintained β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **Root Guard Configuration:** ```cisco ! Configure Root Guard on interface Switch(config)# interface gigabitEthernet 0/1 Switch(config-if)# spanning-tree guard root ! Verify Switch# show spanning-tree interface gigabitEthernet 0/1 detail ! Look for: "Root Guard is enabled on the port" ! Check root-inconsistent ports Switch# show spanning-tree inconsistentports ``` **Root Guard vs. BPDU Guard:** | Feature | Root Guard | BPDU Guard | |---------|------------|------------| | **Purpose** | Prevent port from becoming root | Prevent loops on access ports | | **Trigger** | Superior BPDU received | Any BPDU received | | **Action** | Root-inconsistent (blocked) | Errdisable | | **Port Type** | Typically trunk ports | Access ports with PortFast | | **Recovery** | Automatic when BPDU stops | Manual or errdisable recovery | --- ### 8. Loop Guard **Definition:** Loop Guard prevents alternate or root ports from transitioning to forwarding if BPDUs are no longer received. **Purpose:** Prevents loops caused by unidirectional link failures. ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β LOOP GUARD β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β PROBLEM: Unidirectional Link Failure β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β β β Switch A ββββββββββββββββββββββ Switch B β β β β (BPDUs can't reach A) β β β β β β β β Switch A stops receiving BPDUs, thinks it's root, β β β β starts forwarding on blocked port β LOOP! β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β SOLUTION: Loop Guard β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Port that stops receiving BPDUs stays in blocking state β β β β β’ Prevents transition to forwarding β β β β β’ Port recovers when BPDUs resume β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **Loop Guard Configuration:** ```cisco ! Configure Loop Guard globally (applies to all ports) Switch(config)# spanning-tree loopguard default ! Configure Loop Guard on interface Switch(config)# interface gigabitEthernet 0/1 Switch(config-if)# spanning-tree guard loop ! Verify Switch# show spanning-tree interface gigabitEthernet 0/1 detail ! Look for: "Loop Guard is enabled on the port" ``` --- ### 9. Feature Comparison | Feature | Purpose | Configuration | Port Type | Recovery | |---------|---------|---------------|-----------|----------| | **PortFast** | Immediate forwarding on access ports | `spanning-tree portfast` | Access | N/A | | **BPDU Guard** | Disable port if BPDU received | `spanning-tree bpduguard enable` | Access | Errdisable recovery | | **BPDU Filter** | Suppress BPDUs (dangerous) | `spanning-tree bpdufilter enable` | Any | N/A | | **UplinkFast** | Faster failover for access switches | `spanning-tree uplinkfast` | Global | N/A | | **BackboneFast** | Faster convergence in backbone | `spanning-tree backbonefast` | Global | N/A | | **Root Guard** | Prevent port from becoming root | `spanning-tree guard root` | Trunk | Automatic | | **Loop Guard** | Prevent loops from unidirectional links | `spanning-tree guard loop` | Any | Automatic | --- ### 10. Feature Summary Diagram ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β STP FEATURES SUMMARY β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β ACCESS LAYER FEATURES: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β β β End Device (PC) ββββ Access Port β β β β βββ PortFast (immediate forwarding) β β β β βββ BPDU Guard (if BPDU, errdisable) β β β β β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β DISTRIBUTION/ACCESS (Uplink) FEATURES: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β β β Distribution Switch βββββ Uplink ββββ Access Switch β β β β βββ UplinkFast (fast failover) β β β β β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β CORE/DISTRIBUTION FEATURES: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β β β Root Bridge βββββ Trunk ββββ Switch β β β β βββ Root Guard (prevent rogue root) β β β β βββ BackboneFast (fast convergence) β β β β β β β β Switch to Switch Links: β β β β βββ Loop Guard (prevent unidirectional loops) β β β β β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` --- ## π§ Complete Configuration Examples ### Lab 1: PortFast with BPDU Guard ```cisco ! Configure access port with PortFast and BPDU Guard Switch(config)# interface fastEthernet 0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 10 Switch(config-if)# spanning-tree portfast Switch(config-if)# spanning-tree bpduguard enable ! Global configuration (recommended) Switch(config)# spanning-tree portfast default Switch(config)# spanning-tree portfast bpduguard default ! Verify Switch# show spanning-tree interface fastEthernet 0/1 detail ``` ### Lab 2: UplinkFast Configuration ```cisco ! Enable UplinkFast on access switch Switch(config)# spanning-tree uplinkfast ! Optional: Configure max-update-rate Switch(config)# spanning-tree uplinkfast max-update-rate 200 ! Verify Switch# show spanning-tree summary Switch# show spanning-tree uplinkfast ``` ### Lab 3: Root Guard Configuration ```cisco ! Configure Root Guard on ports connected to distribution/access switches Switch(config)# interface range gigabitEthernet 0/1-2 Switch(config-if-range)# spanning-tree guard root ! Verify Switch# show spanning-tree interface gigabitEthernet 0/1 detail Switch# show spanning-tree inconsistentports ``` ### Lab 4: Loop Guard Configuration ```cisco ! Configure Loop Guard globally Switch(config)# spanning-tree loopguard default ! Or per interface Switch(config)# interface gigabitEthernet 0/3 Switch(config-if)# spanning-tree guard loop ! Verify Switch# show spanning-tree interface gigabitEthernet 0/3 detail ``` --- ## β Exam Tips (For CCNA 200-301) | Topic | What Cisco Tests | |-------|------------------| | **PortFast** | Use on access ports; bypasses STP states | | **BPDU Guard** | Use with PortFast; errdisables port if BPDU received | | **UplinkFast** | Access switch feature; fast failover for uplinks | | **BackboneFast** | Distribution/core feature; fast convergence for root path failures | | **Root Guard** | Prevents port from becoming root; forces root-inconsistent | | **Loop Guard** | Prevents loops from unidirectional links | ### Common Exam Scenarios: **Scenario 1:** "A user complains that it takes 30 seconds to get network connectivity after plugging in a laptop. What feature should be configured?" - **Answer:** PortFast on the access port **Scenario 2:** "An access switch has two uplinks to distribution switches. One uplink is blocked by STP. What feature will provide faster failover?" - **Answer:** UplinkFast **Scenario 3:** "A switch receives BPDU on a PortFast-enabled port with BPDU Guard. What happens?" - **Answer:** The port goes into errdisable state ### Mnemonics: **STP Features:** **"PURLB" - PortFast, UplinkFast, Root Guard, Loop Guard, BackboneFast** **When to use BPDU Guard:** **"Guard the PortFast"** - Always use BPDU Guard on PortFast ports **Root Guard Placement:** **"Guard the Roots"** - Configure Root Guard on ports that should NOT become root ports --- ## π Summary (1-Minute Revision) ``` ADVANCED STP FEATURES: PORTFAST: βββ Purpose: Immediate forwarding on access ports βββ Use: End devices (PCs, printers) βββ Configuration: spanning-tree portfast βββ Risk: Can cause loops if connected to switch BPDU GUARD: βββ Purpose: Disable port if BPDU received βββ Use: With PortFast on access ports βββ Configuration: spanning-tree bpduguard enable βββ Action: Errdisable state BPDU FILTER: βββ Purpose: Suppress BPDUs (DANGEROUS) βββ Use: Rarely; only with specific requirements βββ Configuration: spanning-tree bpdufilter enable βββ Risk: Can create loops UPLINKFAST: βββ Purpose: Fast failover for access switches βββ Use: Access layer with redundant uplinks βββ Configuration: spanning-tree uplinkfast βββ Convergence: 2-4 seconds BACKBONEFAST: βββ Purpose: Fast convergence for root path failures βββ Use: Core/distribution layer βββ Configuration: spanning-tree backbonefast βββ Convergence: < 10 seconds ROOT GUARD: βββ Purpose: Prevent port from becoming root βββ Use: Ports that should not become root βββ Configuration: spanning-tree guard root βββ Action: Root-inconsistent (blocked) LOOP GUARD: βββ Purpose: Prevent loops from unidirectional links βββ Use: Ports with potential for unidirectional failures βββ Configuration: spanning-tree guard loop βββ Action: Blocked until BPDUs resume VERIFICATION: βββ show spanning-tree interface [int] detail βββ show spanning-tree inconsistentports βββ show spanning-tree summary βββ show errdisable recovery ``` --- ## π§ͺ Practice Questions **1. Which feature immediately transitions an access port to forwarding state?** - A) UplinkFast - B) BackboneFast - C) PortFast - D) Root Guard <details> <summary>Answer</summary> <b>C) PortFast</b> - PortFast bypasses STP states and immediately forwards traffic on access ports. </details> **2. What happens when BPDU Guard is enabled on a PortFast port that receives a BPDU?** - A) Port becomes root port - B) Port goes into errdisable state - C) Port becomes designated port - D) Port ignores the BPDU <details> <summary>Answer</summary> <b>B) Port goes into errdisable state</b> - BPDU Guard disables the port to prevent loops. </details> **3. Which feature accelerates STP convergence on an access switch with redundant uplinks?** - A) PortFast - B) UplinkFast - C) BackboneFast - D) Loop Guard <details> <summary>Answer</summary> <b>B) UplinkFast</b> - UplinkFast provides fast failover for access switches with redundant uplinks. </details> **4. Which feature prevents a switch from becoming the root bridge?** - A) BPDU Guard - B) Root Guard - C) Loop Guard - D) UplinkFast <details> <summary>Answer</summary> <b>B) Root Guard</b> - Root Guard prevents a port from becoming a root port. </details> **5. Which feature prevents loops caused by unidirectional link failures?** - A) PortFast - B) BPDU Guard - C) Loop Guard - D) BackboneFast <details> <summary>Answer</summary> <b>C) Loop Guard</b> - Loop Guard prevents ports from transitioning to forwarding when BPDUs stop. </details> **6. Which command enables PortFast on an interface?** - A) `spanning-tree portfast` - B) `spanning-tree fast` - C) `portfast enable` - D) `stp portfast` <details> <summary>Answer</summary> <b>A) `spanning-tree portfast`</b> - This is the correct command to enable PortFast. </details> **7. What is the default recovery time for errdisable ports?** - A) 30 seconds - B) 60 seconds - C) 300 seconds - D) No auto-recovery <details> <summary>Answer</summary> <b>D) No auto-recovery</b> - Auto-recovery must be configured with `errdisable recovery`. </details> **8. Which feature should be enabled on all access ports connecting end devices? (Select two)** - A) PortFast - B) UplinkFast - C) BPDU Guard - D) BackboneFast <details> <summary>Answer</summary> <b>A and C</b> - PortFast and BPDU Guard are recommended on access ports for faster connectivity and security. </details> **9. What is the purpose of BackboneFast?** - A) Fast failover for access switches - B) Fast convergence when root path fails - C) Immediate forwarding on access ports - D) Prevent loops from unidirectional links <details> <summary>Answer</summary> <b>B) Fast convergence when root path fails</b> - BackboneFast accelerates convergence when switches lose connectivity to root. </details> **10. A port with Root Guard receives a superior BPDU. What state does it enter?** - A) Forwarding - B) Listening - C) Root-inconsistent - D) Errdisable <details> <summary>Answer</summary> <b>C) Root-inconsistent</b> - Root Guard puts the port in root-inconsistent (blocked) state. </details> **11. Which feature is considered dangerous because it can create loops?** - A) PortFast - B) BPDU Guard - C) BPDU Filter - D) Loop Guard <details> <summary>Answer</summary> <b>C) BPDU Filter</b> - BPDU Filter suppresses BPDUs and can cause loops if a switch is connected. </details> **12. What is the convergence time for UplinkFast?** - A) 2-4 seconds - B) 15 seconds - C) 30 seconds - D) 50 seconds <details> <summary>Answer</summary> <b>A) 2-4 seconds</b> - UplinkFast provides fast failover in approximately 2-4 seconds. </details> --- ## π Next Steps After completing Video 23, you should be ready for: - **Video 24:** Multiple Spanning Tree (MST) **Lab Practice:** 1. Configure PortFast on access ports and verify with `show spanning-tree interface` 2. Configure BPDU Guard and test by connecting a switch 3. Configure UplinkFast on an access switch with redundant uplinks 4. Configure Root Guard on distribution switch ports 5. Configure Loop Guard on switch-to-switch links 6. Verify all features with appropriate show commands **Ready for Video 24?** Share the link or say "next" and I'll continue with Multiple Spanning Tree (MST). I'll continue with **Video 24: Multiple Spanning Tree (MST)** based on the standard CCNA 200-301 curriculum. ---