Minimizing Service Loss and Data Theft in a Campus Network

Presentation transcript:

Minimizing Service Loss and Data Theft in a Campus Network: STP Security Mechanisms

Protecting the Operation of STP

- Protection against switches being added on PortFast ports.
- BPDU guard shuts ports down.
- BPDU filter specifies action to be taken when BPDUs are received.

Enabling and Verifying BPDU Guard

Enables BPDU guard:

    Switch(config)#spanning-tree portfast bpduguard

Displays BPDU guard configuration information:

    Switch#show spanning-tree summary totals

Example:

    Switch#show spanning-tree summary totals
    Root bridge for: none.
    PortFast BPDU Guard is enabled
    Etherchannel misconfiguration guard is enabled
    UplinkFast is disabled
    BackboneFast is disabled
    Default pathcost method used is short

    Name                 Blocking Listening Learning Forwarding STP Active
    -------------------- -------- --------- -------- ---------- ----------
    34 VLANs             0        0         0        36         36

BPDU Filtering

Enables BPDU filtering:

    Switch(config)#spanning-tree portfast bpdufilter default

Displays BPDU filtering configuration information:

    Switch#show spanning-tree summary totals

Example:

    Switch#show spanning-tree summary totals
    Root bridge for:VLAN0010
    EtherChannel misconfiguration guard is enabled
    Extended system ID is disabled
    Portfast is enabled by default
    PortFast BPDU Guard is disabled by default
    Portfast BPDU Filter is enabled by default
    Loopguard is disabled by default
    UplinkFast is disabled
    BackboneFast is disabled
    Pathcost method used is long

    Name                   Blocking Listening Learning Forwarding STP Active
    ---------------------- -------- --------- -------- ---------- ----------
    2 vlans                0        0         0        3          3

Describing Root Guard

Root Guard Configuration Commands

Configures root guard:

    Switch(config-if)#spanning-tree guard root

Verifies root guard:

    Switch#show running-config interface fa 0/1
    Switch#show spanning-tree inconsistentports

Verifying Root Guard

Displays interface configuration information:

    Switch#show running-config interface interface mod/port

Displays information about ports in inconsistent states:

    Switch#show spanning-tree inconsistentports

Example:

    Switch#show running-config interface fastethernet 5/8
    Building configuration...
    Current configuration: 67 bytes
    !
    interface FastEthernet5/8
     switchport mode access
     spanning-tree guard root

    Switch#show spanning-tree inconsistentports
    Name                 Interface              Inconsistency
    -------------------- ---------------------- ------------------
    VLAN0001             FastEthernet3/1        Port Type Inconsistent
    VLAN0001             FastEthernet3/2        Port Type Inconsistent
    VLAN1002             FastEthernet3/1        Port Type Inconsistent
    Number of inconsistent ports (segments) in the system :3
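An added example, not part of the original slides: a small Python audit that parses the two verification outputs shown above (`show spanning-tree summary totals` and `show spanning-tree inconsistentports`) and reports a missing global BPDU guard, a globally enabled BPDU filter, and any inconsistent ports. The function names and the sample text are constructed for illustration, modelled on the slide output.

```python
import re

# Constructed sample text, modelled on the command output in the slides.
SUMMARY = """\
Root bridge for:VLAN0010
Portfast is enabled by default
PortFast BPDU Guard is disabled by default
Portfast BPDU Filter is enabled by default
Pathcost method used is long
"""
INCONSISTENT = """\
Name                 Interface              Inconsistency
-------------------- ---------------------- ------------------
VLAN0001             FastEthernet3/1        Port Type Inconsistent
VLAN0001             FastEthernet3/2        Port Type Inconsistent
VLAN1002             FastEthernet3/1        Port Type Inconsistent
Number of inconsistent ports (segments) in the system :3
"""

def parse_summary(text):
    """Map every '<feature> is enabled|disabled' line to a bool, keyed by lowercased feature."""
    return {m.group(1).strip().lower(): m.group(2) == "enabled"
            for m in re.finditer(r"^(.+?) is (enabled|disabled)\b", text, re.M)}

def parse_inconsistent(text):
    """Return ([(vlan, interface, inconsistency), ...], count reported by the switch)."""
    row = r"^(VLAN\d+)[ \t]+(\S+)[ \t]+(.+?)[ \t]*$"
    rows = [m.groups() for m in re.finditer(row, text, re.M)]
    total = re.search(r"Number of inconsistent ports.*:\s*(\d+)", text)
    return rows, int(total.group(1)) if total else None

def findings(summary_text, inconsistent_text):
    """Collect items an operator should review after applying the STP protections."""
    state = parse_summary(summary_text)
    out = []
    if not state.get("portfast bpdu guard", False):
        out.append("BPDU guard is not enabled globally for PortFast ports")
    if state.get("portfast bpdu filter", False):
        out.append("BPDU filter is enabled globally; confirm this is intended")
    rows, reported = parse_inconsistent(inconsistent_text)
    if reported is not None and reported != len(rows):
        out.append(f"parsed {len(rows)} rows but the switch reports {reported}")
    out += [f"{ifname} {vlan}: {why}" for vlan, ifname, why in rows]
    return out

if __name__ == "__main__":
    for item in findings(SUMMARY, INCONSISTENT):
        print(item)
```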

Summary

- BPDU guard and BPDU filtering protect the operation of STP on PortFast-configured ports.
- When BPDU guard is configured globally, it affects all PortFast-configured ports.
- BPDU guard can be configured per port, even on those ports not configured with PortFast.
- BPDU filtering can be configured globally or per port.
- The root switch cannot be elected via BPDUs received on a root-guard-configured port.
- Root guard can be configured and verified using various commands.