STP Questions

January 28th, 2021 in ENCOR 350-401

Question 1

Explanation

The purpose of Port Fast is to minimize the time interfaces must wait for spanning-tree to converge. It is effective only when used on interfaces connected to end stations.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html

Question 2

Question 3

Explanation

SW1 needs to block one of its ports to SW2 to avoid a bridging loop between the two switches. Unfortunately, it blocked the fiber port Link2. But how does SW2 select its blocked port? Well, the answer is based on the BPDUs it receives from SW1. A BPDU is superior to another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID

These four parameters are examined in order. In this specific case, all the BPDUs sent by SW1 have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). And the port index of Gi0/0 is lower than the port index of Gi0/1 so Link 1 has been chosen as the primary link.

Therefore we must change the port priority to change the primary link. The lower the numerical value of the port priority, the higher the priority of that port. In other words, we must change the port-priority on Gi0/1 of SW1 (not on Gi0/1 of SW2) to a lower value than that of Gi0/0.
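The four-step comparison above can be modelled as an ordered tuple comparison. The following is an added example, not part of the original explanation; the bridge ID, the port indexes 1 and 2, and the starting port priority of 128 are constructed values.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True, order=True)
class Bpdu:
    # Field order is the comparison order listed above; the lower value wins.
    root_bridge_id: tuple    # (bridge priority, MAC)
    root_path_cost: int
    sender_bridge_id: tuple  # (bridge priority, MAC)
    sender_port_id: tuple    # (port priority, port index)

SW1 = (32778, "aabb.cc00.0100")  # constructed bridge ID for the root, SW1

def sw1_bpdu(port_priority, port_index):
    """BPDU the root bridge SW1 sends out of one of its ports."""
    return Bpdu(SW1, 0, SW1, (port_priority, port_index))

def deciding_field(a, b):
    """Name of the first field, in comparison order, where two BPDUs differ."""
    for f in fields(Bpdu):
        if getattr(a, f.name) != getattr(b, f.name):
            return f.name
    return None

def sw2_forwarding_link(gi0_0_priority, gi0_1_priority):
    """Link SW2 keeps forwarding, given the port priorities set on SW1.

    SW2's own port priority is not a parameter: it is not carried in the
    BPDUs that SW1 sends, so it never enters this comparison.
    """
    received = {
        "Link1": sw1_bpdu(gi0_0_priority, 1),  # sent from SW1 Gi0/0
        "Link2": sw1_bpdu(gi0_1_priority, 2),  # sent from SW1 Gi0/1
    }
    return min(received, key=received.get)     # superior BPDU = lowest tuple

if __name__ == "__main__":
    print(sw2_forwarding_link(128, 128))  # both SW1 ports at the same priority
    print(sw2_forwarding_link(128, 32))   # Gi0/1 on SW1 lowered to 32
    print(deciding_field(sw1_bpdu(128, 1), sw1_bpdu(128, 2)))
```
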

Question 4

Explanation

Where to Use MST
This diagram shows a common design that features access Switch A with 1000 VLANs redundantly connected to two distribution Switches, D1 and D2. In this setup, users connect to Switch A, and the network administrator typically seeks to achieve load balancing on the access switch Uplinks based on even or odd VLANs, or any other scheme deemed appropriate.

MST_usage.png

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24248-147.html

Question 5

Explanation

From the second command output (show spanning-tree mst) we learn that MST1 includes VLANs 10 & 20. Therefore, if we want DSW1 to become the root bridge for these VLANs, we need to make it the root for MST 1. The command “spanning-tree mst 1 root primary” can do the trick. In fact, this command runs a macro and sets the priority lower than that of the current root.

Also we can see the current root bridge for these VLANs has the priority of 32769 (default value + sysid) so we can set the priority of DSW1 to a specific lower value. But notice that the priority must be a multiple of 4096. Therefore D is a correct answer.

Question 6

Explanation

In the topology above, we see that DSW2 has the lowest priority (24576), so it is the root bridge for VLAN 10 and all traffic for this VLAN must go through it. All of DSW2's ports must be in the forwarding state. And:

+ The direct link between DSW1 and ALSW1 is blocked by STP.
+ The direct link between DSW1 and ALSW2 is also blocked by STP.

Therefore PC1 must go via this path: PC1 -> ALSW1 -> DSW2 -> DSW1.

Question 7

Explanation

Root guard does not allow the port to become an STP root port, so the port is always STP-designated. If a better BPDU arrives on this port, root guard does not take the BPDU into account and does not elect a new STP root. Instead, root guard puts the port into the root-inconsistent STP state, which is equal to a listening state. No traffic is forwarded across this port.

Below is an example of where to configure Root Guard on the ports. Notice that Root Guard is always configured on designated ports.

Root_Guard_Location.jpg

To configure Root Guard use this command:

Switch(config-if)# spanning-tree guard root

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html
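The behaviour described above, as an added example that is not part of the original explanation: a simplified model of one designated port receiving a BPDU, with and without root guard. Only the root bridge ID is compared, and the bridge IDs and port name are constructed; the second bridge has the same priority 0 as the current root but a lower MAC address.

```python
from dataclasses import dataclass

FORWARDING, ROOT_INCONSISTENT = "forwarding", "root-inconsistent"

@dataclass
class Port:
    name: str
    root_guard: bool
    state: str = FORWARDING

@dataclass
class Switch:
    root_id: tuple  # (priority, MAC) of the bridge currently accepted as root

def receive_bpdu(switch, port, advertised_root):
    """Process a BPDU heard on a designated port; return what the switch did."""
    if advertised_root >= switch.root_id:
        return "ignored (not superior)"
    if port.root_guard:
        # The better BPDU is not taken into account; the port stops forwarding.
        port.state = ROOT_INCONSISTENT
        return "blocked port, root unchanged"
    # Without root guard the better BPDU wins and the root moves.
    switch.root_id = advertised_root
    return "accepted new root"

ROOT = (0, "aabb.cc00.0100")   # constructed: intended root, priority 0
OTHER = (0, "0011.2200.0001")  # constructed: priority 0, lower MAC

def run(root_guard):
    """Send one BPDU advertising OTHER to a port; return (action, state, root)."""
    sw = Switch(root_id=ROOT)
    port = Port("Gi0/1", root_guard)
    action = receive_bpdu(sw, port, OTHER)
    return action, port.state, sw.root_id

if __name__ == "__main__":
    print(run(root_guard=False))
    print(run(root_guard=True))
```
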

Question 8

Comments
  1. LTZY
    February 20th, 2021

    For question 3.
    Refer to the exhibit. Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.

    Which command should be entered on the ports that are connected to Link2 to resolve the issue?

    A. Enter spanning-tree port-priority 4 on SW2
    B. Enter spanning-tree port-priority 224 on SW1
    C. Enter spanning-tree port-priority 64 on SW2wrong
    D. Enter spanning-tree port-priority 32 on SW1

    The correct answer stated is D.

    I think there’s some error on the question? As on the exhibit the SW1 is the root bridge, therefore all ports on the SW1 are designated (FWD) and no further config is needed on the SW1’s end. On the other side SW2, needs to block one of its ports going to the root bridge, and it is via the following:

    1. A lower path cost to the Root –> Tie, based on the show spanning-tree command both ports to the root bridge (SW1) have the same cost of 4.
    2. A lower Root Bridge ID –> Tie as both interfaces are pointing to the same SW (SW1) = same bridge ID.
    3. A lower Sending Port Priority/ID –> Which by default makes the link1 via G0/0 on SW2 the forwarding port as it has the lower port ID advertised by SW1 (G0/0).

    The question states that “An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.”

    ^Wouldn’t this command already make the interface G0/1 the forwarding port as it has the lower port-priority (32) compared to the G0/0 (120)?

    It seems there is some confusion on this question itself. Or maybe someone can correct me if my understanding is wrong.

    Thanks!

  2. contoso
    March 28th, 2021

    @LTZY: The answer is already stated: SW1 is root bridge for VLAN10. SW2 is not the root bridge as result of “show spanning-tree”
    SW1 needs to block one of its ports to SW2 to avoid a bridging loop between the two switches. Unfortunately, it blocked the fiber port Link2 (because the port index of gi0/1 is higher than gi0/0). But how does SW2 select its blocked port? Well, the answer is based on the BPDUs it receives from SW1. A BPDU is superior to another if it has:
    1. A lower Root Bridge ID
    2. A lower path cost to the Root
    3. A lower Sending Bridge ID
    4. A lower Sending Port ID

  3. PacMan
    April 24th, 2021

    Q 7 – answer B does not “explicitly configure a switch as the root bridge”, it only protects switch from further superior BPDUs so D is correct.

  4. ez0p4o
    May 4th, 2021

    PacMan, as per the document provided below Q7:
    “Note: The administrator can set the root bridge priority to 0 in an effort to secure the root bridge position. But there is no guarantee against a bridge with a priority of 0 and a lower MAC address.

    The root guard feature provides a way to enforce the root bridge placement in the network.”
    So the answer is correct and is B

  5. slim
    May 5th, 2021

    @ez0p4o Thank you for clarifying, I also thought the answer was setting the Priority to 0.

  6. bigs
    May 5th, 2021

    Question 6 – the diagram shows the links from DSW2 to the two ALSW switches as being 1 Gbps while all other links are 10 Gbps. Shouldn’t that make ALSW1’s root port Gi0/1 and Gi0/2 in blocking state? I have access to an EVE lab and labbed it up and that’s how it works in my lab.

  7. AT
    May 7th, 2021

    About Q7:
    Answer A is meaningless because 32768 is the default priority on any switch.
    Answer B mentions access-ports with portfast. In my understanding access ports do not relate to downstream switches. After all the question is talking about a 3-tier architecture, which means trunks between switches. Root Guard must be applied on switch-to-switch ports to have any effect towards the desired result.
    Answer C is talking about BPDU guard applied on switch-to-switch ports, but BPDU guard works on Access ports with Portfast (and trunks connected to Servers) and will disable the port upon receipt of any BPDU (not only a superior one) therefore blocking communication in any case, so this is not acceptable as well.
    I believe that D is the better answer, and it is the only one that explicitly configures the switch as a root bridge.

    @Digitaltut – Please review the correct answer again