STP Questions 2
Here you will find answers to STP Questions – Part 2
Question 1
Refer to the exhibit. Based on the output of the show spanning-tree command, which statement is true?

A. Switch SW1 has been configured with the spanning-tree vlan 1 root primary global configuration command.
B. Switch SW1 has been configured with the spanning-tree vlan 1 root secondary global configuration command.
C. Switch SW1 has been configured with the spanning-tree vlan 1 priority 24577 global configuration command.
D. Switch SW1 has been configured with the spanning-tree vlan 1 hello-time 2 global configuration command.
E. The root bridge has been configured with the spanning-tree vlan 1 root secondary global configuration command.
Answer: B
Explanation
The command “spanning-tree vlan 1 root secondary” sets its bridge ID to a value which is higher than the current root bridge but lower than other switches in the network -> If the current root bridge fails, Sw1 will become the root bridge.
If no priority has been configured, every switch will have the same default priority of 32768. Assuming all other switches are at default priority, the spanning-tree vlan vlan-id root primary command sets a value of 24576. Also, assuming all other switches are at default priority, the spanning-tree vlan vlan-id root secondary command sets a value of 28672.
In this question, the bridge priority of Sw1 is shown as 28673 rather than 28672 because the extended system ID (indicated as sys-id-ext) is 1, indicating this is the STP instance for VLAN 1, and it is added to the priority value. In fact, the configured bridge priority is 28672.
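Added example (not part of the original page): a Python sketch that splits the 16-bit priority field of a bridge ID into the configured priority and the extended system ID, then runs the root election to show the root secondary switch taking over when the root fails. The switch names ROOT and SW3 and all MAC addresses are constructed for illustration.

```python
import struct

def make_bridge_id(priority: int, vlan: int, mac: str) -> bytes:
    """Build the 8-byte bridge ID: 4-bit priority, 12-bit sys-id-ext, 48-bit MAC."""
    # With the extended system ID in use, only multiples of 4096 are valid.
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return struct.pack("!H", priority | vlan) + mac_bytes

def parse_bridge_id(raw: bytes) -> dict:
    """Split a bridge ID into the value shown on screen and its two components."""
    if len(raw) != 8:
        raise ValueError("bridge ID must be exactly 8 bytes")
    (field,) = struct.unpack("!H", raw[:2])
    return {
        "displayed_priority": field,            # e.g. 28673
        "configured_priority": field & 0xF000,  # e.g. 28672
        "sys_id_ext": field & 0x0FFF,           # e.g. 1 (VLAN 1)
        "mac": ":".join(f"{b:02x}" for b in raw[2:]),
    }

def elect_root(bridges: dict) -> str:
    """Lowest bridge ID wins; big-endian bytes compare in numeric order."""
    return min(bridges, key=bridges.get)

def root_after_failure(bridges: dict, failed: str) -> str:
    """Re-run the election without the failed switch."""
    return elect_root({n: b for n, b in bridges.items() if n != failed})

# Constructed VLAN 1 topology: root primary, root secondary, default priority.
# SW3 has the lowest MAC on purpose: priority is compared before the MAC.
SWITCHES = {
    "ROOT": make_bridge_id(24576, 1, "00:00:5e:00:53:0c"),
    "SW1": make_bridge_id(28672, 1, "00:00:5e:00:53:0b"),
    "SW3": make_bridge_id(32768, 1, "00:00:5e:00:53:0a"),
}

if __name__ == "__main__":
    for name, raw in SWITCHES.items():
        print(name, parse_bridge_id(raw))
    print("root:", elect_root(SWITCHES))
    print("root after ROOT fails:", root_after_failure(SWITCHES, "ROOT"))
```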
Question 2
Refer to the exhibit. On the basis of the output of the show spanning-tree inconsistentports command, which statement about interfaces FastEthernet 0/1 and FastEthernet 0/2 is true?

A. They have been configured with the spanning-tree bpdufilter disable command.
B. They have been configured with the spanning-tree bpdufilter enable command.
C. They have been configured with the spanning-tree bpduguard disable command.
D. They have been configured with the spanning-tree bpduguard enable command.
E. They have been configured with the spanning-tree guard loop command.
F. They have been configured with the spanning-tree guard root command.
Answer: F
Explanation
We can configure the root guard feature to prevent unauthorized switches from becoming the root bridge. When you enable root guard on a port, if that port receives a superior BPDU, instead of believing the BPDU, the port goes into a root-inconsistent state. While a port is in the root-inconsistent state, no user data is sent across it. However, after the superior BPDUs stop, the port returns to the forwarding state.

For example, in the topology above suppose S1 is the current root bridge. If a hacker plugs a switch into S3 that sends superior BPDUs, that switch will become the new root bridge; this will also change the traffic path and may result in a traffic jam. With root guard enabled on the S3 port, if spanning-tree calculations cause that interface to be selected as the root port, the interface transitions to the root-inconsistent (blocked) state instead, which prevents the hacker’s switch from becoming the root switch or being in the path to the root.
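Added example (not from the original page): a small Python model of a root guard port that enters the root-inconsistent state on a superior BPDU and returns to forwarding once superior BPDUs stop. It assumes "stopped" means no superior BPDU for the default max age of 20 seconds and skips the listening and learning states; the bridge IDs, MAC addresses and BPDU times are constructed.

```python
from dataclasses import dataclass

FORWARDING = "forwarding"
ROOT_INCONSISTENT = "root-inconsistent"
MAX_AGE = 20  # seconds; modelling assumption for "superior BPDUs have stopped"

@dataclass(frozen=True, order=True)
class BridgeId:
    priority: int  # 16-bit field: configured priority + sys-id-ext
    mac: str       # fixed-width lowercase hex, so string order is numeric order

class RootGuardPort:
    def __init__(self, name: str, current_root: BridgeId):
        self.name = name
        self.current_root = current_root
        self.state = FORWARDING
        self.last_superior = None
        self.events = []  # (time, event, advertised root), usable for alerting

    def receive_bpdu(self, now: int, advertised_root: BridgeId) -> None:
        # A lower bridge ID is "superior": believing it would move the root.
        if advertised_root < self.current_root:
            self.last_superior = now
            if self.state != ROOT_INCONSISTENT:
                self.state = ROOT_INCONSISTENT
                self.events.append((now, "blocked", advertised_root))

    def tick(self, now: int) -> None:
        # Automatic recovery: no administrative shut/no shut is modelled.
        if self.state == ROOT_INCONSISTENT and now - self.last_superior >= MAX_AGE:
            self.state = FORWARDING
            self.events.append((now, "unblocked", None))

    def forwards_user_data(self) -> bool:
        return self.state == FORWARDING

# Constructed values: S1 is the legitimate root; ROGUE advertises priority 0.
S1_ROOT = BridgeId(24577, "00:00:5e:00:53:01")
ROGUE = BridgeId(1, "00:00:5e:00:53:ff")
INFERIOR = BridgeId(32769, "00:00:5e:00:53:02")

def simulate(bpdu_times, advertised_root, end):
    """Replay BPDUs arriving at the given seconds; return the port and its states."""
    port = RootGuardPort("Fa0/1", S1_ROOT)
    timeline = {}
    for now in range(end + 1):
        port.tick(now)
        if now in bpdu_times:
            port.receive_bpdu(now, advertised_root)
        timeline[now] = port.state
    return port, timeline

if __name__ == "__main__":
    port, timeline = simulate(set(range(5, 16, 2)), ROGUE, 40)
    for event in port.events:
        print(event)
```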
Question 3
Refer to the exhibit. What information can be derived from the output?

A. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once inaccurate BPDUs have been stopped, the interfaces will need to be administratively shut down, and brought back up, to resume normal operation.
B. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter, but traffic is still forwarded across the ports.
C. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once inaccurate BPDUs have been stopped, the interfaces automatically recover and resume normal operation.
D. Interfaces FastEthernet3/1 and FastEthernet3/2 are candidates for becoming the STP root port, but neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on at least one of the interfaces.
Answer: C
Explanation
Same explanation as question 2.
Question 4
Which statement is correct about RSTP port roles?
A. The designated port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one designated port on every switch. The designated port assumes the forwarding state in a stable active topology. All switches connected to a given segment listen to all BPDUs and determine the switch that will be the root switch for a particular segment.
B. The disabled port is an additional switch port on the designated switch with a redundant link to the segment for which the switch is designated. A disabled port has a higher port ID than the disabled port on the designated switch. The disabled port assumes the discarding state in a stable active topology.
C. The backup port is a switch port that offers an alternate path toward the root bridge. The backup port assumes a discarding state in a stable, active topology. The backup port will be present on nondesignated switches and will make a transition to a designated port if the current designated path fails.
D. The root port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one root port on every switch. The root port assumes the forwarding state in a stable active topology.
Answer: D
Explanation
To learn about RSTP port roles, please read my RSTP tutorial.
Question 5
How are STP timers and state transitions affected when a topology change occurs in an STP environment?
A. All ports will temporarily transition to the learning state for a period equal to the max age timer plus the forward delay interval.
B. All ports will transition temporarily to the learning state for a period equal to the forward delay interval.
C. The default aging time for MAC address entries will be reduced for a period of the max age timer plus the forward delay interval.
D. The default hello time for configuration BPDUs will be reduced for the period of the max age timer.
Answer: C (but the wording may cause you to misunderstand)
Explanation
If a switch stops receiving Hellos, it means that there is a failure in the network. The switch will initiate the process of changing the Spanning-tree topology. The process requires the use of 3 STP timers:
* Hello - the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.
* Forward delay - the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.
* Max age - maximum length of time a BPDU can be stored without receiving an update. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.
Max Age is the time that a bridge stores a BPDU before discarding it.
By default, switches (bridges) keep their MAC address table entries for 300 seconds (5 minutes, known as the aging time). When a network topology change happens, the switch (bridge) temporarily lowers the aging time to the same value as the forward delay time (15 seconds) so that it relearns the MAC address changes caused by the topology change.
This is important because an entry is normally aged out of the switch's MAC address table only after five minutes, so network devices could be unreachable for up to 5 minutes. This is known as a black hole because frames can be forwarded to a device which is no longer available.
Notice that shortening the aging time to 15 seconds does not flush the entire table; it just accelerates the aging process. Devices that continue to “speak” during the 15-second age-out period never leave the bridging table.
Therefore in this question, to be clearer answer C should state “The default aging time for MAC address entries will be reduced to forward_delay time for a period of the max age timer plus the forward delay interval.”
(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml)
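Added example (not part of the original page): a Python model of the MAC table behaviour described above, where a topology change lowers the aging time from 300 seconds to the forward delay (15 seconds) for max age plus forward delay (35 seconds with the defaults). The host MAC addresses, interface names and timestamps are constructed.

```python
DEFAULT_AGING = 300  # seconds
FORWARD_DELAY = 15   # seconds
MAX_AGE = 20         # seconds

class MacTable:
    def __init__(self):
        self.entries = {}     # mac -> (port, last_seen)
        self.tc_until = None  # end of the shortened-aging window

    def learn(self, now: int, mac: str, port: str) -> None:
        # Any frame from a host refreshes its entry.
        self.entries[mac] = (port, now)

    def topology_change(self, now: int) -> None:
        self.tc_until = now + MAX_AGE + FORWARD_DELAY

    def aging_time(self, now: int) -> int:
        if self.tc_until is not None and now < self.tc_until:
            return FORWARD_DELAY
        return DEFAULT_AGING

    def expire(self, now: int) -> list:
        # Entries are aged out, not flushed: only stale ones are removed.
        limit = self.aging_time(now)
        stale = [m for m, (_, seen) in self.entries.items() if now - seen >= limit]
        for mac in stale:
            del self.entries[mac]
        return sorted(stale)

    def lookup(self, now: int, mac: str):
        self.expire(now)
        entry = self.entries.get(mac)
        return entry[0] if entry else None

HOST_A = "00:00:5e:00:53:0a"  # constructed: keeps sending frames
HOST_B = "00:00:5e:00:53:0b"  # constructed: silent after t=95

def scenario(with_topology_change: bool) -> dict:
    """Return {time: (port for HOST_A, port for HOST_B)} at a few checkpoints."""
    table = MacTable()
    table.learn(95, HOST_A, "Fa0/1")
    table.learn(95, HOST_B, "Fa0/2")
    if with_topology_change:
        table.topology_change(100)
    result = {}
    for now in (105, 109, 111):
        if now == 105:
            table.learn(now, HOST_A, "Fa0/1")  # HOST_A speaks again
        result[now] = (table.lookup(now, HOST_A), table.lookup(now, HOST_B))
    return result

if __name__ == "__main__":
    print("with topology change:   ", scenario(True))
    print("without topology change:", scenario(False))
```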
Question 6
Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

A. Fifty percent of the traffic will successfully reach Host B, and fifty percent will dead-end at switch S3 because of a partial spanning-tree loop.
B. No. Traffic will pass from switch S6 to S2 and dead-end at S2.
C. No. Traffic will loop back and forth between switch S6 and Host A.
D. No. Traffic will loop back and forth between switches S2 and S3.
E. Yes. Traffic will pass from switch S6 to S2 to S1.
Answer: E
Explanation
First we should understand UplinkFast.

Suppose S1 is the root bridge in the topology above. S3 is connected to S1 via two paths: one direct path and another that goes through S2. Suppose the port directly connected to S1 is the root port -> the port connected to S2 will be in Blocking state. If the primary link goes down, the blocked port will need about 50 seconds to move from Blocking -> Listening -> Learning -> Forwarding before it can be used.
To shorten the downtime, a feature called UplinkFast can be used. When the primary (root) link fails, another blocked link can be brought up immediately for use. When UplinkFast is enabled, it is enabled for the entire switch and all VLANs. It cannot be enabled for individual VLANs.
In this question, the Root Guard feature has been enabled on Gi0/0 of S2 & S5 so these two Gi0/0 ports cannot be root ports and cannot forward traffic -> the link between S2 & S6 must be used.
Note: The idea of UplinkFast is based on blocked ports which can become a root port. Therefore the UplinkFast feature is not allowed on the root bridge -> S2 & S5 cannot be root bridges in this case.
Question 7
Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

A. Yes. Traffic can pass either from switch S6 to S3 to S2 to S1, or, from switch S6 to S5 to S2 to S1.
B. No. Traffic will pass from switch S6 to S5 and dead-end at interface Gi0/0.
C. No. Traffic will loop back and forth between switch S5 and S2.
D. Yes. Traffic will pass from switch S6 to S3 to S2 to S1.
E. No. Traffic will either pass from switch S6 to S5 and dead-end, or traffic will pass from switch S6 to S3 to S2 and dead-end.
Answer: D
Explanation
Same explanation as Question 6. When the link between S4 – S5 goes down, Gi0/0 on S5 cannot become the root port because of the Root Guard feature on it. However, by default Host A may be unable to reach Host B for the first 15 seconds after the link between S4 & S5 fails. It is the time for S5 to clear the MAC address table (please read the explanation of Question 5 for more detail).
Question 8
Which two statements about the various implementations of STP are true? (Choose two)
A. Common Spanning Tree maintains a separate spanning-tree instance for each VLAN configured in the network.
B. The Spanning Tree Protocol (STP) is an evolution of the IEEE 802.1w standard.
C. Per-VLAN Spanning Tree (PVST) supports 802.1Q trunking.
D. Per-VLAN Spanning Tree Plus (PVST+) is an enhancement to 802.1Q specification and is supported only on Cisco devices.
E. Rapid Spanning Tree Protocol (RSTP) includes features equivalent to Cisco PortFast, UplinkFast, and BackboneFast for faster network reconvergence.
F. Multiple Spanning Tree (MST) assumes one spanning-tree instance for the entire Layer 2 network, regardless of the multiple number of VLANs.
Answer: D E
Explanation
Common Spanning Tree only uses one spanning-tree instance for all VLANs in the network -> A is not correct.
Rapid Spanning Tree Protocol (RSTP; IEEE 802.1w) can be seen as an evolution of the 802.1D standard more than a revolution. The 802.1D terminology remains primarily the same. Most parameters have been left unchanged so users familiar with 802.1D can rapidly configure the new protocol comfortably -> B is not correct.
Per-VLAN spanning tree protocol plus (PVST+) is a Cisco proprietary protocol that expands on the Spanning Tree Protocol (STP) by allowing a separate spanning tree for each VLAN. Cisco first developed this protocol as PVST, which worked with the Cisco ISL trunking protocol, and then later developed PVST+ which utilizes the 802.1Q trunking protocol. PVST+ allows interoperability between CST and PVST in Cisco switches -> C is not correct but D is correct.
RSTP significantly reduces the time to reconverge the active topology of the network when changes to the physical topology or its configuration parameters occur. RSTP supports Edge Ports (similar to PortFast), UplinkFast, and BackboneFast for faster network reconvergence. Rapid Spanning Tree Protocol (RSTP) can also revert back to 802.1D STP for interoperability with older switches and existing infrastructures -> E is correct.
Multiple Spanning Tree can map one or more VLANs to a single STP instance. Multiple instances of STP can be used (hence the name MST), with each instance supporting a different group of VLANs. For example, instead of creating 50 separate STP instances for 50 VLANs, we can create only 2 STP instances – each for 25 VLANs. This helps save switch resources -> F is not correct.
Question 9
Given the diagram and assuming that STP is enabled on all switch devices, which two statements are true? (Choose two)

A. DSW11 will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.
Answer: A D
Explanation
If all the switches are turned on at the same time, DSW11 will win the election and become the Root Bridge because it has the lowest Bridge ID (including Bridge Priority and MAC address), so all of its ports are Designated Ports (forwarding state).
Also P2/1, P3/2 and P4/1 become Root Ports because they are closest to the Root Bridge (in terms of path cost) for each switch.
P3/1 will be a Nondesignated (Blocked) Port because P1/2 must be a Designated Port (of course P1/2 advertises a better BPDU, in other words a better Bridge ID, than P3/1).

Question 10
Which two RSTP port roles include the port as part of the active topology? (Choose two)
A. root
B. designated
C. alternate
D. backup
E. forwarding
F. learning
Answer: A B

For Q9, isn’t it maybe correct answers A and D.
P3/1 will be elected as the root port.
P2/2 will be elected as the designated port.
and P3/2 will be elected as the blocking (nondesignated) port.
Correction I meant answers A and F.
zorandsc, the given answer by site authors is correct.
Keep in mind link cost, not only the physical location of switches.
10M link cost is 100; two 100M links cost is 38. So P3/2 is a root port, and P3/1 is nondesignated.
My mistake, I did not see the cost. Thanks for the quick reply.
Correction to question 9, the root bridge should be ASW13 due to the lowest bridge ID within the topology thus making P3/1 and P3/2 designated ports. Correct me if wrong
@ hwilker1:
Bridge priority 8179 is lower than 32768 and since DSW11 has a lower mac add than DSW12, so DSW11 will become the root bridge. Now, regarding the DP and NDP. To reach DSW11, ASW13 will take the path from DSW12–>DSW11 as the cost will be low (19 + 19 = 38) compared to the direct path from ASW13 to DSW11 whose cost will be 100 which is greater than 38. So, P3/1 will be NDP and P3/2 will be the root port and P3/3 will be the DP. Remember, there should always be a DP per segment. Hope this clears your doubt :-)
Q6&7: those are tough questions in my opinion. Let me jot down some points about theory of uplinkfast and root guard features.
- Uplinkfast: When uplinkfast is globally enabled on a switch, it guarantees that it is the node-leaf or not to be a root switch by increasing its BPDU bridge priority to 49,152 and all of its port priority to 3000. It also keeps track of all uplinks to reach the root bridge, including the root port and all potential root ports. When its root port fails, the next “potential root port”- who has better cost path than other ones- becomes the root port. Switch does this by sending the dummy multicast frame with MAC address 0100.0ccd.cdcd……
—->apply this to those questions’ topology we can conclude that S2&S5 are not the root bridge. The thing is we can not determine which one is the root bridge. And I wonder in reality whether people apply uplinkfast and root guard like those. Hopefully, there are some CCDP holders let us know.
-Guard root: when it is enabled on a switch port, no superior BPDUs are received.
—> apply on Gi0/0 of S2&S5: just for keeping the topology’s operation stability, doesn’t it?
Bottom line, I don’t get it much on those questions. Just follow the explain of the admin, frankly.
Q6&7: let's determine how STP works in this case.
With uplinkfast enabled: S2&S5 are not the root bridge; so who is the root bridge in those topologies is unknown because of lacking information.
When the Gi0/1 link fails, regardless of who is the root bridge, data never takes the Gi0/0 path between S2&S5 because of the root guard feature enabled on it (link Gi0/0 will never be the root path).
Correct me if any wrong.
Q5: so wordy answers in Cisco exam!!!!
I think it is clear when they say: “In the period of max age time plus forward delay (totally about 50 secs) when the topology changes, the aging time of mac address entry table is reduced to forward delay time (from 300secs to 15secs).”
Thanks admin for explanation.
Q6 is so confusing!!!!!!!!! I was wondering who is the root bridge.
There is a typo in Question 1 explanation -
Incorrect -
The command “spanning-tree vlan 1 root secondary” sets its bridge ID to a value which is higher than the current root bridge [[[[[[but higher than]]]]]] other switches in the network -> If the current root bridge fails, Sw1 will become the root bridge.
Correct -
The command “spanning-tree vlan 1 root secondary” sets its bridge ID to a value which is higher than the current root bridge [[[[[[[[but lower than]]]]]]]] other switches in the network -> If the current root bridge fails, Sw1 will become the root bridge.
_________________________________________________________
The secondary root bridge priority will be higher than the root bridge but lower than other switches in the network.
Thanks,
DJ
Q3: Why A is not correct?
According to CCNP_Official_Certification_Guide 642-813:
If any BPDU (whether superior to the current root or not) is received on a port where BPDU Guard is enabled, that port immediately is put into the errdisable state. The port is shut down in an error condition and must be either manually re-enabled or automatically recovered through the errdisable timeout function.
@Gani: That paragraph is mentioning about port-security feature, but here we mention about root guard feature.
@certprepare: Thank you!
why is there a difference in output for Q2. and Q.3 if both are the result of a switch sending superior root bridge information? One says “Root Inconsistent” , other says “Port type inconsistent” ?
Can someone please reply?
please explain q 5
Q9 answer is incorrect
elected in the order cost, BID, port priority of sender id –> P3/2 is correct
elected in the order cost, BID, port priority of sender id –> P3/1 is correct
Dear Sir/Mam,
I personally feel Questions 2 and 3 are not so different because Question 2 just says that when Root guard is enabled in a Switch for a VLAN then its ports get the root inconsistent state. So there is no doubt that F is correct and Q3 explains what happens behind the screen … Please correct me if I have misunderstood.
@Julie
I think it is just a difference between IOS versions. My switches say “root inconsistent”. However, this CCIE study shows “port type inconsistent”. http://ccienet.wordpress.com/2011/06/18/spanning-tree-guard-root/
Question 9 Non-designated ports have no role to play and hence are put into blocking mode.
therefore port 3/2 is non designated port because its BID is higher than DSW12
Thanks for correcting Q9 in the question, because a lot of people don’t read the comments.
Certprepare, could you, please check Q9 here ? … port 3/2 should be non-designated port ?
@all: Yes, the answers should be A & F. Thanks for your detection, I updated and added explanation to Q9.
@certprepare: concerning Q9, you state:
“Also P2/1, P3/1 and P4/1 become Root Ports because they are closest to the Root Bridge (in terms of path cost) for each switch.”
Well, obviously, in terms of path cost, P3/2 will become the RP, since a BPDU entering that port will have a path cost of 19+19 versus the path cost of 100 of a BPDU entering in P3/1.
So how does P3/1 become a root port?
@Salmanq: Yes, I didn’t notice the “10Mbps” link carefully. So the answer should be D, not F. Thanks for your detection. I updated it!
I think Question 10 answers are E and F, explanation:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_44_se/configuration/guide/swmstp.html#wp1071141
I was wrong about answer E and F in question 10. You are right.
Explanation: A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology.
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_44_se/configuration/guide/swmstp.html#wp1071141
Q3 on test today
Q10 was in test today.
Q9. Please explain, because DSW11 was elected as root bridge. So the two ports on the root bridge will be in forwarding state. The port which is connected to the root bridge port on the other switch will be the root port. So port 3/1 will be the root port and port 3/2 should be the blocking port. Please clarify it…
I got the answer for Q9. It's correct; I did not read the comments. Now it's clear…