A user reports that their desk port stopped working immediately after they connected a small switch. The interface shows err-disabled, and the log mentions BPDU Guard. What most likely happened?
This matches the symptom and the log message.
Why this answer
BPDU Guard is commonly enabled on PortFast access ports to protect the topology. If the port receives a BPDU, the switch assumes another switch may have been connected and places the port into err-disabled state. That is exactly the protective behavior you want at the edge.
Exam trap
A frequent exam trap is mistaking BPDU Guard triggers for issues caused by DHCP snooping or port security. Candidates may incorrectly assume that DHCP snooping blocking ARP or port security violations cause the err-disabled state when the log explicitly mentions BPDU Guard. Another pitfall is confusing native VLAN mismatches on trunks as the cause, but these do not generate BPDU Guard errors.
The key is to recognize that BPDU Guard specifically responds to receiving BPDUs on PortFast-enabled ports, which signals an unexpected switch connection and leads to err-disable. Misreading the log or symptoms can lead to selecting incorrect answers that do not align with BPDU Guard’s function.
Why the other options are wrong
Incorrect. DHCP snooping blocks unauthorized DHCP messages but does not cause BPDU Guard to err-disable a port. The log specifically mentions BPDU Guard, so DHCP snooping is unrelated here.
Incorrect. Port security violations cause err-disable states but are triggered by MAC address violations, not by receiving BPDUs. The log message points to BPDU Guard, not port security.
Incorrect. A trunk native VLAN mismatch causes VLAN tagging issues but does not trigger BPDU Guard or err-disable a port due to BPDU reception. This option does not explain the BPDU Guard log message.