Configurations with STP



I am studying computer security and had tried to Google what the terms in the following content mean, but was not able to get a clear explanation of what "BPDU Guard", "Root Guard" and "Loop Guard" mean in the following context. Thanks in advance for an explanation.


  • Enable features such as portfast, BPDU Guard, Root Guard, and Loop Guard to mitigate spanning tree attacks. These features prevent an attacker from injecting malicious STP traffic on a protected port or detect potential loops.

The problem is, to understand what, for example, root guard is, you need to understand what a root switch is and how it's set or elected, etc. Without understanding the concepts of spanning tree, it's very difficult to understand how to secure the protocol ;)

More than happy to go into these with you, but it seems we will have to start with the very basics of spanning tree. Because if you understood STP, then you would know what portfast and root are, what a loop is, and how BPDUs come into play in the root bridge election, for example.

To be honest, if you're having to look up these terms, then it's kind of pointless to try and study how to secure STP if you don't even understand what it is.

Wouldn't basic networking be a prerequisite before taking a computer security class? Did you skip some classes?


So you're Network+ and don't understand what a root switch or root bridge is? And don't know what a BPDU is?

I looked up the objectives of this exam - clearly spanning tree is part of it.


And they talk about troubleshooting spanning loops - but you don't know what a root switch or root bridge is, or what a bridge protocol data unit is??

2.5 Given a scenario, troubleshoot common router and switch problems

Switching loop

So I am confused here... Where do we start? ;)


/me bows down

Sent from my GT-I9505G using Tapatalk


Do you understand spanning tree (STP) or not? As budman said, you really need to understand STP first if you're to properly understand these features.

All of these features help protect the integrity of the network.

  • BPDU Guard: BPDUs are used by switches to communicate STP information between each other. On ports where BPDU communication is never expected to take place, such as those connecting directly to hosts, portfast might be enabled. With portfast enabled, STP is still running on the port, but the switch rushes the port through the states to bring it up faster. If another switch were accidentally or maliciously connected to such a port, there's a good chance that, due to portfast, STP would fail to detect a bridging loop. BPDU guard is a feature for protecting the integrity of the network in such a scenario. If it detects incoming BPDU communication, it blocks it and shuts down the port.
  • Root Guard: This feature helps provide control over which switches can become the root switch in STP. A port with root guard enabled will send/forward BPDUs to a switch connected to it but block any incoming ones, and therefore block root status from being assigned to a switch connected via that port.
  • Loop Guard: An STP topology's integrity relies upon a regular flow of BPDUs from the root. If for some reason these stop being received, ports in the blocking state (to break a bridging loop) may be cycled into a designated state, which, if the lack of BPDUs is a mistake, results in that loop being recreated. Loop guard keeps track of BPDU activity on non-designated ports and, should BPDUs stop being received, instead of allowing the ports to cycle to designated status, it holds them in a loop-inconsistent status until BPDUs start being received again.
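As an added example (not posted by anyone in this thread), here is how those three features are typically applied on a Cisco IOS switch; the interface names, VLAN number and descriptions are placeholders, and the recovery timer is an assumed value:

```cisco
! Global defaults: every portfast port gets BPDU guard and every
! non-designated port gets loop guard, unless overridden per port.
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
! Optional: re-enable a port that BPDU guard err-disabled after
! 300 seconds (assumed value), so an accidental switch plug-in
! does not need a manual "shutdown / no shutdown".
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Access port facing a host: portfast skips listening/learning,
! and BPDU guard err-disables the port if a BPDU ever arrives on it.
interface GigabitEthernet1/0/1
 description host-facing access port (placeholder)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Downlink to an access-layer switch: STP still runs, but root guard
! puts the port into root-inconsistent state if a superior BPDU
! (one claiming a better root bridge) arrives on it.
interface GigabitEthernet1/0/24
 description downlink to access switch (placeholder)
 switchport mode trunk
 spanning-tree guard root
!
! Uplink toward the distribution layer: loop guard holds the port
! loop-inconsistent if BPDUs stop arriving, instead of letting it
! move to designated/forwarding and recreate a loop.
interface GigabitEthernet1/0/48
 description uplink to distribution (placeholder)
 switchport mode trunk
 spanning-tree guard loop
```

To check what the guards are doing, `show spanning-tree inconsistentports` lists ports currently held in root- or loop-inconsistent state, and `show interfaces status err-disabled` shows ports that BPDU guard has shut down.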

^ exactly!!! I could see that if you don't really understand STP, the very clear and concise explanations blazingangel posted would be gibberish. Which is my point...

Which is why it's pointless to try and study the methods of securing STP if you don't first understand STP.

So do we start with the basics of STP and move forward, or what? I would probably start here:

http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_protocol_home.html
