© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v3.08-1 Minimizing Service Loss and Data Theft in a Campus Network Preventing STP Forwarding Loops.

Transcript:

Unidirectional Link Failure

Loop Guard (figure label: Root)

Before Loop Guard (figure label: Root)

With Loop Guard

UDLD and Loop Guard Configuration Commands

Configuring and verifying UDLD
    udld enable
    show udld interface fa0/1

Configuring and verifying loop guard
    spantree global-default loopguard enable
    show spantree guard fa0/1

Configuring UDLD

Switch(config)#udld enable
    Enables UDLD globally on all fiber-optic interfaces
Switch(config-if)#udld enable
    Enables UDLD on an individual interface
Switch(config-if)#no udld enable
    Disables UDLD on an individual nonfiber-optic interface
Switch(config-if)#udld disable
    Disables UDLD on an individual fiber-optic interface
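The rules on the Configuring UDLD slide mean a port can be left without UDLD even though `udld enable` appears in the configuration. The following is an added example, not part of the Cisco slides: it works out the effective UDLD state per interface from those four commands and lists redundant-topology ports left unprotected. The interface names, the sample configuration, the caller-supplied set of fiber ports, and the treatment of `no udld enable` as "back to the default" are assumptions.

```python
import re

# Constructed sample (commands as typed, not output from a real switch).
SAMPLE = """\
udld enable
!
interface Gi0/1
 description fiber uplink A
!
interface Gi0/2
 description fiber uplink B
 udld disable
!
interface Fa0/1
 description copper cross-link
 udld enable
!
interface Fa0/2
 description copper cross-link
 no udld enable
"""

def effective_udld(config, fiber_ports):
    """Map each interface to True/False: is UDLD active on it?"""
    global_on = False
    state = {}      # interface -> True / False / None (no explicit setting)
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():            # global configuration level
            m = re.match(r"interface\s+(\S+)$", line)
            current = m.group(1) if m else None
            if current:
                state[current] = None
            elif line == "udld enable":
                global_on = True             # covers fiber-optic ports only
        elif current and line == "udld enable":
            state[current] = True
        elif current and line == "udld disable":
            state[current] = False           # overrides the global setting
        elif current and line == "no udld enable":
            state[current] = None            # assumption: back to the default
    return {p: (global_on and p in fiber_ports) if s is None else s
            for p, s in state.items()}

def unprotected(config, fiber_ports, redundant_ports):
    """Redundant-topology ports that are left without UDLD."""
    udld = effective_udld(config, fiber_ports)
    return [p for p in redundant_ports if not udld.get(p, False)]
```
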

Resetting and Verifying UDLD

Switch#udld reset
    Resets all interfaces that have been shut down by UDLD
Switch#show udld interface
    Displays UDLD information for a specific interface

Configuring Loop Guard

Comparing Loop Guard and UDLD

| | Loop Guard | UDLD |
|---|---|---|
| Configuration | Per port | Per port |
| Action granularity | Per VLAN | Per port |
| Autorecovery | Yes | Yes, with errdisable timeout feature |
| Protection against STP failures caused by unidirectional links | Yes, when enabled on all root and alternative ports in redundant topology | Yes, when enabled on all links in redundant topology |
| Protection against STP failures caused by problem in software, resulting in designated switch not sending BPDU | Yes | No |
| Protection against miswiring | No | Yes |

Summary

- UDLD detects and disables an interface with unidirectional connectivity, protecting the network from anomalous STP conditions.
- Loop guard detects and disables an interface with Layer 2 unidirectional connectivity, protecting the network from anomalous STP conditions.
- UDLD and loop guard are configured and verified using specific commands.
- Implementation of UDLD and loop guard protects spanning tree operations from being disrupted due to unidirectional links.