© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v3.08-1 Minimizing Service Loss and Data Theft in a Campus Network Describing STP Security Mechanisms.

Transcript:


Protecting the Operation of STP

- Protection against switches being added on PortFast ports.
- BPDU guard shuts ports down.
- BPDU filter specifies action to be taken when BPDUs are received.

Enabling and Verifying BPDU Guard

Switch(config)#spanning-tree portfast bpduguard
    Enables BPDU guard
Switch#show spanning-tree summary totals
    Displays BPDU guard configuration information

Switch#show spanning-tree summary totals
Root bridge for: none.
PortFast BPDU Guard is enabled
Etherchannel misconfiguration guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Default pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
VLANs

Describing BPDU Filtering

Switch(config)#spanning-tree portfast bpdufilter default
    Enables BPDU filtering
Switch#show spanning-tree summary totals
    Displays BPDU filtering configuration information

Switch#show spanning-tree summary totals
Root bridge for:VLAN0010
EtherChannel misconfiguration guard is enabled
Extended system ID is disabled
Portfast is enabled by default
PortFast BPDU Guard is disabled by default
Portfast BPDU Filter is enabled by default
Loopguard is disabled by default
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is long
Name Blocking Listening Learning Forwarding STP Active
vlans

Describing Root Guard

Describing Root Guard Configuration Commands

Switch(config-if)#spanning-tree guard root
    Configures root guard
Switch#show running-config interface fa 0/1
Switch#show spanning-tree inconsistentports
    Verifies root guard

Verifying Root Guard

Switch#show running-config interface interface mod/port
    Displays interface configuration information
Switch#show spanning-tree inconsistentports
    Displays information about ports in inconsistent states

Switch#show running-config interface fastethernet 5/8
Building configuration...
Current configuration: 67 bytes
!
interface FastEthernet5/8
 switchport mode access
 spanning-tree guard root

Switch#show spanning-tree inconsistentports
Name Interface Inconsistency
VLAN0001 FastEthernet3/1 Port Type Inconsistent
VLAN0001 FastEthernet3/2 Port Type Inconsistent
VLAN1002 FastEthernet3/1 Port Type Inconsistent
Number of inconsistent ports (segments) in the system :3
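An added example, not part of the original slides: a small Python monitor that parses the `show spanning-tree inconsistentports` output shown above, groups the rows by interface, and rejects output whose row count disagrees with the reported total. The column spacing and dashed rule in the sample are reconstructed, and the function names and the assumption that VLAN names have the form `VLANnnnn` are illustrative.

```python
import re
from collections import defaultdict

# Rows as shown on the slide; column layout and dashed rule are reconstructed.
SLIDE_OUTPUT = """\
Name                 Interface              Inconsistency
-------------------- ---------------------- ------------------
VLAN0001             FastEthernet3/1        Port Type Inconsistent
VLAN0001             FastEthernet3/2        Port Type Inconsistent
VLAN1002             FastEthernet3/1        Port Type Inconsistent

Number of inconsistent ports (segments) in the system :3
"""

# Assumption: default VLAN names (VLAN0001 style), as in the slide.
ROW = re.compile(r"^(VLAN\d+)\s+(\S+)\s+(.+?)\s*$")
TOTAL = re.compile(
    r"Number of inconsistent ports \(segments\) in the system\s*:\s*(\d+)")

def parse_inconsistent(output):
    """Return ({interface: [(vlan, inconsistency), ...]}, reported_total)."""
    ports, total = defaultdict(list), None
    for line in output.splitlines():
        row, tot = ROW.match(line), TOTAL.search(line)
        if row:
            ports[row.group(2)].append((row.group(1), row.group(3)))
        elif tot:
            total = int(tot.group(1))
    return dict(ports), total

def check(output):
    """Return affected interfaces; raise if rows and total disagree."""
    ports, total = parse_inconsistent(output)
    seen = sum(len(rows) for rows in ports.values())
    if total is None or seen != total:
        # A mismatch means the capture was cut off or the format changed.
        raise ValueError(f"incomplete output: {seen} rows, total {total}")
    return sorted(ports)

if __name__ == "__main__":
    for port in check(SLIDE_OUTPUT):
        print(port, parse_inconsistent(SLIDE_OUTPUT)[0][port])
```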

Summary

- BPDU guard and BPDU filtering protect the operation of STP on PortFast-configured ports.
- When BPDU guard is configured globally, it affects all PortFast-configured ports.
- BPDU guard can be configured per port, even on those ports not configured with PortFast.
- BPDU filtering can be configured globally or per port.
- The root switch cannot be elected via BPDUs received on a root-guard-configured port.
- Root guard can be configured and verified using various commands.
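An added example, not part of the original slides: a Python audit that applies the global and per-port rules from the summary to a running-config and reports PortFast ports left without BPDU guard, plus ports with per-port BPDU filtering. The sample configuration is constructed, the function names are illustrative, and the per-port commands `spanning-tree bpduguard enable|disable` and `spanning-tree bpdufilter enable` are standard IOS syntax that does not appear on the slides.

```python
import re
# Constructed sample running-config (not from the original slides).
SAMPLE = """\
spanning-tree portfast bpduguard default
interface FastEthernet0/1
 spanning-tree portfast
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard disable
interface FastEthernet0/3
 spanning-tree bpduguard enable
interface FastEthernet0/4
 spanning-tree portfast
 spanning-tree bpdufilter enable
"""

def parse(config):
    """Split a running-config into global lines and per-interface commands."""
    globals_, ifaces, current = set(), {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ifaces.setdefault(m.group(1), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        elif line.strip() not in ("", "!"):
            globals_.add(line.strip())
            current = None  # a global command ends the interface block
    return globals_, ifaces

def bpdu_guard_active(globals_, cmds):
    """Effective BPDU guard state for one port, per the summary rules."""
    if "spanning-tree bpduguard enable" in cmds:
        return True   # per-port guard works even without PortFast
    if "spanning-tree bpduguard disable" in cmds:
        return False  # per-port setting overrides the global default
    # Global guard (slide form and newer "default" form): PortFast ports only.
    g = {"spanning-tree portfast bpduguard",
         "spanning-tree portfast bpduguard default"}
    return bool(g & globals_) and "spanning-tree portfast" in cmds

def findings(config):
    """Ports that are PortFast without BPDU guard, or filter BPDUs per port."""
    globals_, ifaces = parse(config)
    out = {}
    for name, cmds in ifaces.items():
        if "spanning-tree bpdufilter enable" in cmds:
            out[name] = "per-port BPDU filter: BPDUs neither sent nor processed"
        elif "spanning-tree portfast" in cmds and not bpdu_guard_active(globals_, cmds):
            out[name] = "PortFast without BPDU guard"
    return out
```

Calling `findings(SAMPLE)` reports FastEthernet0/2 and FastEthernet0/4; removing the global line from the sample adds FastEthernet0/1.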
