Free Cisco 400-007 Actual Exam Questions - Question 2 Discussion
chosen VXLAN as encapsulation technology The customer is concerned about miss-configuration of
Layer 2 devices and DC wide outages caused by Layer 2 loops What do you answer?
I’m thinking B could help too since storm control limits broadcast storms, which can happen in a loop scenario. It’s more of a safety net than a prevention tool though. Could it be enough on its own?
C/D? I’m not sure VXLAN itself prevents loops inherently, so A feels off. B seems more like general protection, not a solid loop prevention method. C could work if VPC+ is configured properly to keep loops from access ports, but that depends on having the right hardware and setup. D looks solid if STP is off on the underlay since BPDU Guard would block unexpected BPDUs from causing loops at VTEPs. If the environment disables STP on the underlay, D feels like the safest bet here.
D imo, BPDU Guard directly blocks rogue BPDUs which is key for VXLAN setups.
A VXLAN setup usually means STP is off, so relying on BPDU Guard (D) makes sense to stop loops from rogue BPDUs on access ports. But VPC+ (C) is designed to prevent loops by allowing dual-active links and avoiding STP dependencies, which also fits well here. Between these, D feels more of a targeted safety net on access ports, while C is a broader loop prevention method. I’d go with D because it directly tackles the risk on VTEP access ports where misconfigurations are most likely to happen.
It’s D because enabling BPDU Guard on VTEP access ports directly blocks any unexpected BPDUs that could cause loops, which is crucial when using VXLAN where STP might not fully control loops.
Maybe D makes more sense here since BPDU Guard on VTEP ports stops rogue BPDUs causing loops, especially if STP is disabled in the overlay. It’s a direct way to prevent L2 loops from misconfigurations.
It’s C because VPC+ can create a loop-free topology by allowing dual-active links without STP, which is useful in VXLAN environments to avoid Layer 2 loops. D helps but isn’t the only safeguard needed.
It’s D because BPDU Guard stops accidental STP BPDUs from causing loops on VTEP ports, which fits the VXLAN setup where STP is usually off in the overlay. Options A and B don’t directly prevent loops.
Option D looks best to me since BPDU Guard can catch accidental STP BPDUs on VTEP access ports, preventing loops caused by misconfigurations. VXLAN overlays often disable STP inside, so relying on native loop prevention isn’t solid. Storm control (B) helps with storm mitigation but won’t stop loops outright. VPC+ (C) is more of a Cisco-specific solution for dual-homed links, so it doesn’t fully address the concern here. So enabling BPDU Guard on those ports seems like a straightforward step to avoid downtime from Layer 2 loops in this VXLAN setup.
Actually, VXLAN itself doesn’t have a built-in loop prevention mechanism, so A is out. Enabling storm control (B) helps limit broadcast storms but doesn’t really stop actual loops. VPC+ (C) is mainly for Cisco Nexus switches to create active-active links and avoid loops, but it’s not the best fit for all access ports in a VXLAN deployment. D makes the most sense since BPDU Guard on VTEP access ports prevents rogue STP BPDUs that could cause loops, aligning well with the customer’s concern about misconfigurations causing wide outages.
Guessing D. BPDU Guard on all VTEP access ports makes sense to block bad STP BPDUs and avoid loops.