CCNA Experiment 15 Protection of the STP
Environment: Windows XP, Packet Tracer 5.3.
Purpose: To understand how to protect an STP network.
Description
BPDU Guard (BPDU protection): BPDU protection is typically used together with PortFast. Once BPDU protection is configured on a PortFast-enabled port, receiving a BPDU puts the port into the err-disable state. (PortFast is typically used on ports in access mode.)
Root Guard (root protection): The purpose of root protection is to ensure that the existing STP network does not change. When a new switch with a lower bridge ID or priority is added to an existing STP network, the original STP topology may change. If root protection is enabled on the port that connects to the newly joined switch, the switch blocks that port whenever it receives a BPDU superior to the existing one. The port stays blocked until the received BPDUs are inferior to those of the original network, at which point it returns to the forwarding state. This protects the STP network from being affected.
BPDU Filtering (BPDU Filter): BPDU filtering prevents the switch from sending BPDUs on interfaces that have PortFast enabled. Ports with the PortFast feature are usually connected to host devices, and these hosts do not need to participate in STP, so they do not need to receive BPDUs. Note that when BPDU Guard and BPDU Filtering are configured on the same interface, BPDU Guard will not work, because BPDU Filtering has a higher priority.
Loop Guard (loop protection): Loop protection provides additional protection against STP loops. When Root Guard and Loop Guard are configured on one port at the same time, Root Guard will not work.
Open Packet Tracer and build the topology as follows:
[Figure: lab topology, http://hi.csdn.net/attachment/201011/21/0_1290328786H838.gif]
Description: As the figure shows, STP has made SW1 the root bridge of the network, and FA0/10 on SW0 is a blocking port.
1. Enable BPDU Guard and Root Guard protection on SW0:
Switch>en
Switch#conf t
Switch(config)#host SW0
SW0(config)#int fa0/1
SW0(config-if)#switchport mode access
SW0(config-if)#spanning-tr portfast
SW0(config-if)#spanning-tr bpduguard enable
SW0(config-if)#exit
SW0(config)#int fa0/15
SW0(config-if)#spanning-tr guard root
SW0(config-if)#exit
Remove the computer PC0, drag in a switch and connect it to FA0/1, then observe the resulting effect of BPDU Guard:
[Figure: effect of BPDU Guard, http://hi.csdn.net/attachment/201011/21/0_1290329015PWiY.gif]
Connect a new switch to port FA0/15 on SW0, and configure the newly joined switch as follows:
Switch>en
Switch#sh spanning-tr
Switch#conf t
Switch(config)#spanning-tr vlan 1 priority 4096
Observe the effect of Root Guard:
[Figure: effect of Root Guard, http://hi.csdn.net/attachment/201011/21/0_1290329169z16t.gif]
The experimental results show that BPDU Guard and Root Guard can prevent unauthorized access to the network and protect the existing network from being affected.
This article is from the "Liu Fengyuan" blog; reprinting is declined.