Cisco Technology for Spanning Tree Protocol Protection

Spanning Tree Protocol Protection

Prev Question Next Question


Which Cisco technology protects against Spanning Tree Protocol manipulation?



Click on the arrows to vote for the correct answer

A. B. C. D. E.


The correct answer is B. Root guard and BPDU guard.


Spanning Tree Protocol (STP) is a protocol used to prevent loops in a network by creating a loop-free topology. It works by electing a root bridge, and then blocking certain ports to prevent loops. However, STP is vulnerable to manipulation, such as when an attacker injects a rogue switch into the network and manipulates the STP to become the root bridge, which can result in network downtime.

To protect against STP manipulation, Cisco provides several features, including:

A. Spanning-tree Protection: This feature provides additional protection to the STP by preventing configuration changes on a switch if STP is already running. This feature does not specifically protect against STP manipulation.

B. Root guard and BPDU guard: These two features work together to prevent unauthorized switches from becoming the root bridge or introducing rogue BPDU packets into the network. Root guard is used to prevent switches from becoming the root bridge by blocking the switch port that receives superior BPDU packets from the network. BPDU guard, on the other hand, is used to prevent rogue switches from introducing BPDU packets into the network by disabling the port that receives the BPDU packet.

C. Unicast Reverse Path Forwarding: This feature is used to prevent IP spoofing attacks by verifying that the source IP address of an incoming packet is valid and matches the expected route for that IP address.

D. MAC spoof guard: This feature is used to prevent MAC address spoofing attacks by monitoring the MAC addresses of devices connected to the switch ports and disabling the port if a different MAC address is detected.

E. Port security: This feature is used to restrict the number of devices that can connect to a switch port by limiting the MAC addresses that are allowed to send traffic through the port.

In summary, the correct answer is B. Root guard and BPDU guard, which are specifically designed to protect against STP manipulation.