A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue?

  • PortFast is not configured on all access ports.
  • Access ports belong to different VLANs.
  • BPDU guard needs to be activated in the interface configuration command mode.
  • Access ports configured with root guard cannot be configured with BPDU guard.
Explanation & Hint:

The cause of the issue where BPDU guard is not activated on all access ports, even after using the spanning-tree portfast bpduguard default global configuration command, is likely because PortFast is not configured on all access ports.

The spanning-tree portfast bpduguard default command globally enables BPDU guard on all ports that have PortFast enabled. If PortFast has not been enabled on a particular access port, then BPDU guard will not be automatically activated on that port as a result of the global command.

Here’s the reason the other options are less likely to be the cause:

  • Access ports belong to different VLANs: BPDU guard and PortFast are features that can be applied to access ports irrespective of their VLAN assignments.
  • BPDU guard needs to be activated in the interface configuration command mode: While BPDU guard can indeed be activated on an interface-by-interface basis, the global command is designed to automatically enable BPDU guard on all ports that have PortFast enabled, without the need for per-interface configuration.
  • Access ports configured with root guard cannot be configured with BPDU guard: While it is true that root guard and BPDU guard are mutually exclusive on a per-port basis, the command in question wouldn’t be affected by root guard configuration. However, if root guard is already configured on some ports, BPDU guard would not be able to be activated on those ports until root guard is removed.

Therefore, the most likely reason for BPDU guard not being activated on all access ports is because PortFast has not been enabled on those ports. The administrator would need to ensure that PortFast is enabled on all access ports where BPDU guard is desired.

For more Questions and Answers:

CCNA 2 v7 – SRWE v7.02 Final Exam Answers Full 100%