Presentation is loading. Please wait.

Presentation is loading. Please wait.

Minimizing Service Loss and Data Theft in a Campus Network

Published byJocelin Weaver Modified over 6 years ago

Similar presentations

Presentation on theme: "Minimizing Service Loss and Data Theft in a Campus Network"— Presentation transcript:

1 Minimizing Service Loss and Data Theft in a Campus Network
STP 安全机制

2 保护 STP 的运行 Protection against switches being added on PortFast ports.
BPDU guard shuts ports down. BPDU filter specifies action to be taken when BPDUs are received.

3 启用和检验 BPDU 防护 Enables BPDU guard
Switch(config)#spanning-tree portfast bpduguard Enables BPDU guard Switch#show spanning-tree summary totals Displays BPDU guard configuration information Switch#show spanning-tree summary totals Root bridge for: none. PortFast BPDU Guard is enabled Etherchannel misconfiguration guard is enabled UplinkFast is disabled BackboneFast is disabled Default pathcost method used is short Name Blocking Listening Learning Forwarding STP Active VLANs

4 BPDU 过滤 Enables BPDU filtering
Switch(config)#spanning-tree portfast bpdufilter default Enables BPDU filtering Switch#show spanning-tree summary totals Displays BPDU filtering configuration information Switch#show spanning-tree summary totals Root bridge for:VLAN0010 EtherChannel misconfiguration guard is enabled Extended system ID is disabled Portfast is enabled by default PortFast BPDU Guard is disabled by default Portfast BPDU Filter is enabled by default Loopguard is disabled by default UplinkFast is disabled BackboneFast is disabled Pathcost method used is long Name Blocking Listening Learning Forwarding STP Active 2 vlans

5 描述根守护

6 根守护的配置命令 Configures root guard Verifies root guard
Switch(config-if)#spanning-tree guard root Configures root guard Switch#show running-config interface fa 0/1 Switch#show spanning-tree inconsistentports Verifies root guard

7 检查根守护 Displays interface configuration information
Switch#show running-config interface interface mod/port Displays interface configuration information Switch#show spanning-tree inconsistentports Displays information about ports in inconsistent states Switch#show running-config interface fastethernet 5/8 Building configuration... Current configuration: 67 bytes ! interface FastEthernet5/8 switchport mode access spanning-tree guard root Switch#show spanning-tree inconsistentports Name Interface Inconsistency VLAN FastEthernet3/ Port Type Inconsistent VLAN FastEthernet3/ Port Type Inconsistent VLAN FastEthernet3/ Port Type Inconsistent Number of inconsistent ports (segments) in the system :3

8 总结 BPDU guard and BPDU filtering protect the operation of STP on PortFast-configured ports. When BPDU guard is configured globally, it affects all PortFast configured ports. BPDU guard can be configured per port, even on those ports not configured with PortFast. BPDU filtering can be configured globally or per port. The root switch cannot be elected via BPDUs received on a root-guard-configured port. Root guard can be configured and verified using various commands.

9

Download ppt "Minimizing Service Loss and Data Theft in a Campus Network"

Similar presentations

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 2: LAN Redundancy Scaling Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 2: LAN Redundancy Scaling Networks.
Part 2: Preventing Loops in the Network

Part 2: Preventing Loops in the Network
Switching & Operations. Address learning Forward/filter decision Loop avoidance Three Switch Functions.

Switching & Operations. Address learning Forward/filter decision Loop avoidance Three Switch Functions.
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.

Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
Chapter 3: Implementing Spanning Tree

Chapter 3: Implementing Spanning Tree
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Protecting Against Spoofing Attacks.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Protecting Against Spoofing Attacks.
Part III Working with Redundant Links

Part III Working with Redundant Links
© 2015 Mohamed Samir YouTube channel All rights reserved. Samir CCNP-SWITCHING 300-115 Mohamed Samir YouTube channel.

© 2015 Mohamed Samir YouTube channel All rights reserved. Samir CCNP-SWITCHING Mohamed Samir YouTube channel.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.
Securing the Local Area Network

Securing the Local Area Network
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Describing STP Stability Mechanisms.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Describing STP Stability Mechanisms.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Spanning Tree Protocol Enhancements.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Spanning Tree Protocol Enhancements.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—1-1 Configuring Catalyst Switch Operations Introducing Spanning Tree Protocol.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—1-1 Configuring Catalyst Switch Operations Introducing Spanning Tree Protocol.
Port Aggregation & Load Balancing By: Joe B., Nabeel O. Miguel & Mufaddal J.

Port Aggregation & Load Balancing By: Joe B., Nabeel O. Miguel & Mufaddal J.
Layer 2 Switch  Layer 2 Switching is hardware based.  Uses the host's Media Access Control (MAC) address.  Uses Application Specific Integrated Circuits.

Layer 2 Switch  Layer 2 Switching is hardware based.  Uses the host's Media Access Control (MAC) address.  Uses Application Specific Integrated Circuits.
Layer 2 Switching. Overview Introduction Spanning Tree Protocol Spanning Tree Terms Spanning Tree Operations LAN Switch Types Configuring Switches.

Layer 2 Switching. Overview Introduction Spanning Tree Protocol Spanning Tree Terms Spanning Tree Operations LAN Switch Types Configuring Switches.
Chapter 8 Layer 2 Switching and Spanning Tree Protocol (STP)

Chapter 8 Layer 2 Switching and Spanning Tree Protocol (STP)
STP Part II PVST (Per Vlan Spanning Tree): A Vlan field is added to the BPDU header along with Priority & Mac. Priority is 32768, Mac Address is MAC or.

STP Part II PVST (Per Vlan Spanning Tree): A Vlan field is added to the BPDU header along with Priority & Mac. Priority is 32768, Mac Address is MAC or.

Similar presentations

Ads by Google