You want to secure an interface on a switch so that a rogue switch running STP cannot be plugged into this interface.
What accomplishes this objective?
A.
BPDU protection
B.
edge protection
C.
rogue protection
D.
root protection
Explanation:
BPDU Protection for STP, RSTP, and MSTP on EX-series SwitchesEX-series switches provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), VLAN Spanning Tree Protocol (VSTP), and Multiple Spanning Tree Protocol (MSTP). BPDU protection can help prevent STP misconfigurations that can lead to network outages.
A loop-free network is supported through the exchange of a special type of frame called bridge protocol data unit (BPDU). Receipt of BPDUs on certain interfaces in an STP, RSTP, VSTP, or MSTP topology, however, can lead to network outages. Enable BPDU protection on those interfaces to prevent these outages.
Peer STP applications running on the switch interfaces use BPDUs to communicate. Ultimately, the exchange of BPDUs determines which interfaces block traffic and which interfaces become root ports and forward traffic.
However, a user bridge application running on a PC can also generate BPDUs. If these BPDUs are picked up by STP applications running on the switch, they can trigger STP miscalculations, and those miscalculations can lead to network outages.
Enable BPDU protection on switch interfaces connected to user devices or on interfaces on which no BPDUs are expected, such as edge ports. If BPDUs are received on a protected interface, the interface is disabled and stops forwarding frames.
Not only can you configure BPDU protection on a switch with a spanning tree, but also on a switch without a spanning tree. This type of topology typically consists of a non-STP switch connected to an STP switch through a trunk interface.
To configure BPDU protection on a switch with a spanning tree, include the bpdu-block-on-edge statement at the [edit protocols (stp | mstp | rstp )] hierarchy level.
To configure BPDU protection on a switch without a spanning tree, include the bpdu-block statement at the [edit ethernet-switching-options interface interface-name] hierarchy level.