Question 1hardmultiple choice
Full question →hardmultiple choiceObjective-mapped
A port configured for PortFast receives a BPDU and transitions to an error-disabled state. Which statement best explains why this is considered useful protection?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
A
Best answer
It helps protect the topology when an edge port unexpectedly behaves like a switch-connected port.
This is correct because the err-disable behavior enforces the edge-port assumption.
B
Distractor review
It increases wireless coverage for clients on that port.
This is wrong because the feature is unrelated to wireless coverage.
C
Distractor review
It automatically summarizes all VLAN routes on the port.
This is wrong because this is an STP protection function, not routing summarization.
D
Distractor review
It forces all traffic to use SSH instead of Telnet.
This is wrong because the feature is not a management-protocol selector.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A common exam trap is assuming that PortFast ports can safely connect to other switches without risk. The trap lies in ignoring that PortFast disables STP convergence delays but does not disable STP itself. If a BPDU is received on a PortFast port, it means the port is connected to a switch or device sending BPDUs, which can cause loops if not handled. The exam may try to mislead by suggesting PortFast improves wireless coverage or routing summarization, which are unrelated. Understanding that BPDU Guard disables the port upon BPDU receipt is critical to avoid this trap.
Technical deep dive
How to think about this question
PortFast is a Spanning Tree Protocol (STP) enhancement designed for switch ports connected directly to end devices such as workstations or servers. Normally, STP ports go through listening and learning states before forwarding traffic to prevent loops. PortFast bypasses these states, allowing immediate forwarding to reduce connection delays for end devices. However, this assumes the port is an edge port, not connected to another switch. BPDU Guard is a complementary feature that protects the network by disabling a PortFast-enabled port if it receives a BPDU. BPDUs are STP messages exchanged between switches to detect loops and maintain topology. If a BPDU arrives on a PortFast port, it indicates the port is connected to another switch or device sending BPDUs, violating the edge port assumption. BPDU Guard then places the port into an error-disabled state to prevent potential loops or topology instability. This mechanism is crucial because it enforces the intended network design where PortFast ports connect only to end devices. Without BPDU Guard, a misconnected switch could cause loops or STP recalculations, disrupting network performance. The error-disabled state requires administrative intervention or configured recovery to re-enable the port, ensuring that topology violations are noticed and corrected promptly. This behavior is a key protection strategy in Cisco networks to maintain STP integrity and prevent accidental bridging loops.
KKey Concepts to Remember
- PortFast is a Cisco STP feature that immediately transitions a switch port to the forwarding state, assuming the port connects to an end device, not another switch.
- BPDU Guard disables a PortFast-enabled port if it receives a Bridge Protocol Data Unit (BPDU), protecting the network from potential loops caused by unexpected switch connections.
- Receiving a BPDU on a PortFast port indicates the port is no longer connected to a single host but possibly to another switch, violating edge port assumptions.
- Disabling the port upon BPDU receipt prevents the port from participating in Spanning Tree Protocol topology changes, thus protecting network stability.
- PortFast with BPDU Guard enforces topology integrity by preventing accidental bridging loops that could arise from misconfigured or malicious connections.
- Ports configured with PortFast should only connect to end devices; connecting switches to these ports without disabling BPDU Guard risks network loops and outages.
- The error-disabled state caused by BPDU Guard requires manual or automatic recovery to restore port functionality, ensuring administrative awareness of topology issues.
- STP uses BPDUs to detect loops and maintain a loop-free topology; PortFast and BPDU Guard modify this behavior to optimize edge port performance and safety.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
CCNA DHCP practice questions
Practise DHCP scopes, relay, leases and troubleshooting.
CCNA show ip route practice questions
Practise routing-table output, longest-prefix match, AD and route selection.
CCNA show interfaces trunk practice questions
Practise trunk verification and VLAN forwarding across switches.
CCNA wireless security practice questions
Practise WLAN security, authentication and wireless architecture concepts.
CCNA IPv6 practice questions
Practise IPv6 addressing, routes, neighbour discovery and common IPv6 exam traps.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A router learns the same prefix from both OSPF and EIGRP. Which route is installed by default?
Question 2
A router shows this output: R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.1.1.2 1 FULL/DR 00:00:34 192.168.12.2 GigabitEthernet0/0 10.1.1.3 1 2WAY/DROTHER 00:00:39 192.168.12.3 GigabitEthernet0/0 Which statement is correct?
Question 3
What is the OSPF metric called?
Question 4
A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?
Question 5
A router interface applies this ACL inbound: 10 deny tcp any any eq 80 20 permit ip any any A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?
Question 6
A router learns route 198.51.100.0/24 from OSPF with AD 110 and also has a static route to the same prefix configured with AD 150. Which route is installed?
FAQ
Questions learners often ask
What does this 200-301 question test?
PortFast is a Cisco STP feature that immediately transitions a switch port to the forwarding state, assuming the port connects to an end device, not another switch.
What is the correct answer to this question?
The correct answer is: It helps protect the topology when an edge port unexpectedly behaves like a switch-connected port. — It is useful because it helps prevent a port that was expected to face a normal endpoint from quietly becoming part of the switching topology in an unsafe way. In practical terms, the administrator intended the port to act like an edge port. If a BPDU appears, that assumption is no longer true. Disabling the port protects the topology from unintended loops or design violations. This is exactly why PortFast is often paired with BPDU Guard on user-facing ports.
What should I do if I get this 200-301 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.
Discussion
Loading comments…
Sign in to join the discussion.