SlideShare a Scribd company logo

STP Protection

Netwax Lab
Netwax Lab

Spanning Tree Protocol (STP) resolves physically redundant topologies into loop-free, tree-like topologies. The biggest issue with STP is that some hardware failures can cause it to fail. This failure creates forwarding loops (or STP loops). Major network outages are caused by STP loops. The loop guard STP feature that is intended to improve the stability of the Layer 2 networks. This document also describes Bridge Protocol Data Unit (BPDU) skew detection. BPDU skew detection is a diagnostic feature that generates syslog messages when BPDUs are not received in time.

Technology
1 of 9
Download to read offline
STP Protection Spanning Tree Protocol (STP) resolves physically redundant topologies into loop-free, tree-like topologies. The biggest issue with STP is that some hardware failures can cause it to fail. This failure creates forwarding loops (or STP loops). Major network outages are caused by STP loops. The loop guard STP feature that is intended to improve the stability of the Layer 2 networks. This document also describes Bridge Protocol Data Unit (BPDU) skew detection. BPDU skew detection is a diagnostic feature that generates syslog messages when BPDUs are not received in time. Figure 1 STP Protection
STP Protection Feature Availability CatOS 1. The STP loop guard feature was introduced in CatOS version 6.2.1 of the Catalyst software for Catalyst 4000 and Catalyst 5000 platforms and in version 6.2.2 for the Catalyst 6000 platform. 2. The BPDU skew detection feature was introduced in CatOS version 6.2.1 of the Catalyst software for Catalyst 4000 and Catalyst 5000 platforms and in version 6.2.2 for the Catalyst 6000 platform. Cisco IOS 1. The STP loop guard feature was introduced in Cisco IOS Software Release 12.1(12c)EW for Catalyst 4500 switches and Cisco IOS Software Release 12.1(11b)EX for Catalyst 6500. 2. The BPDU skew detection feature is not supported in Catalyst switches running Cisco IOS system software. Brief Summary of STP Port Roles Internally, STP assigns to each bridge (or switch) port a role that is based on configuration, topology, relative position of the port in the topology, and other considerations. The port role defines the behavior of the port from the STP point of view. Based on the port role, the port either sends or receives STP BPDUs and forwards or blocks the data traffic. This list provides a brief summary of each STP port role: 1. Designated- One designated port is elected per link (segment). The designated port is the port closest to the root bridge. This port sends BPDUs on the link (segment) and forwards traffic towards the root bridge. In an STP converged network, each designated port is in the STP forwarding state. 2. Root- The bridge can have only one root port. The root port is the port that leads to the root bridge. In an STP converged network, the root port is in the STP forwarding state. 3. Alternate- Alternate ports lead to the root bridge, but are not root ports. The alternate ports maintain the STP blocking state. 4. Backup- This is a special case when two or more ports of the same bridge (switch) are connected together, directly or through shared media. In this case, one port is designated, and the remaining ports block. The role for this port is backup.
STP Protection Root Guard It is a security feature of STP. It protects our network from root bridge changes. After enabling root guard, if any switch receives BPDU then it will put that port in root inconsistent state. It should apply on all designated trunk ports. We should not configure this feature between those switches which are performing STP load balancing. A feature when it receives BPDU then it put that port in error disable or root inconsistent state. Loop Guard It is a feature of STP. It should be enabling on all the Non-DP ports (root & blocking). After enabling loop guard if switch is receiving BPDUs on a switchport constantly then it will remain in working mode, but if it stops to receive BPDUs on switchport then it will put that switch port in loop inconsistent mode. It is a feature when it receives a BPDU, it remain silent, if it will not receive BPDU then it will put that port in loop inconsistent state or error disable state. (Note: always applied on Non-DP ports.) Consider this example in order to illustrate this behavior: Switch A is the root switch. Switch C does not receive BPDUs from switch B due to unidirectional link failure on the link between switch B and switch C. Without loop guard, the STP blocking port on switch C transitions to the STP listening state when the max_age timer expires, and then it transitions to the forwarding state in two times the forward_delay time. This situation creates a loop. Figure 2
STP Protection With loop guard enabled, the blocking port on switch C transitions into STP loop-inconsistent state when the max_age timer expires. A port in STP loop-inconsistent state does not pass user traffic, so a loop is not created. (The loop-inconsistent state is effectively equal to blocking state.) BPDU Guard A feature when it receives BPDU it put that port in error disable mode. (Note: Always applied on access port.) For enable – shut & no shut BPDU Filter When we enable port fast then we save only 32 sec convergence time but STP is still working on the port, if we want to block STP completely on a port then we have to use BPDU filter. (Note: Always applied on access port.) Figure 3 Figure 4
STP Protection BPDU Skew Detection STP operation relies heavily on the timely reception of BPDUs. At every hello_time message (2 seconds by default), the root bridge sends BPDUs. Non-root bridges do not regenerate BPDUs for each hello_time message, but they receive relayed BPDUs from the root bridge. Therefore, every non-root bridge should receive BPDUs on every VLAN for each hello_time message. In some cases, BPDUs are lost, or the bridge CPU is too busy to relay BPDU in a timely manner. These issues, as well as other issues, can cause BPDUs to arrive late (if they arrive at all). This issue potentially compromises the stability of the spanning tree topology. BPDU skew detection allows the switch to keep track of BPDUs that arrive late and to notify the administrator with syslog messages. For every port on which a BPDU has ever arrived late (or has skewed), skew detection reports the most recent skew and the duration of the skew (latency). It also reports the longest BPDU delay on this particular port. In order to protect the bridge CPU from overload, a syslog message is not generated every time BPDU skewing occurs. Messages are rate-limited to one message every 60 seconds. However, should the delay of BPDU exceed max_age divided by 2 (which equals 10 seconds by default), the message is immediately printed. (Note: BPDU skew detection is a diagnostic feature. Upon detection of BPDU skewing, it sends a syslog message. BPDU skew detection takes no further corrective action.) This is an example of a syslog message generated by BPDU skew detection: %SPANTREE-2-BPDU_SKEWING: BPDU skewed with a delay of 10 secs (max_age/2) UDLD (Unidirectional Link Detection) Figure 5 UDLD
STP Protection UDLD was designed for fiber cables if there is an odd link failure in this situation link status would be up but communication is not possible. To detect this problem we enable UDLD. UDLD sends special message over the trunk and it hope that another switch must echo the same message with same link. If a switch receives echo message it means link is fine. Otherwise there is a problem with link. UDLD takes action according to its modes. UDLD Mode 1. Normal- Syslog Message send 2. Aggressive- (i) Re-establish (ii) Shut (iii) Message Loop Guard versus UDLD Loop guard and Unidirectional Link Detection (UDLD) functionality overlap, partly in the sense that both protect against STP failures caused by unidirectional links. However, these two features differ in functionality and how they approach the problem. This table describes loop guard and UDLD functionality: Functionality Loop Guard UDLD Configuration Per-port Per-port Action granularity Per-VLAN Per-port Autorecover Yes Yes, with err-disable timeout feature Protection against STP failures caused by unidirectional links Yes, when enabled on all root and alternate ports in redundant topology Yes, when enabled on all links in redundant topology Protection against STP failures caused by problems in the software (designated switch does not send BPDU) Yes No Protection against miswiring. No Yes
STP Protection Example  Root Guard We enable root guard on all the Designated Port of Switches. Sw4#sh spanning tree Here we can see the Sw4 is the root bridge All the ports of Sw4 is DP Sw4 (config) #int range fa0/19 -24 Sw4 (config-if) #spanning-tree guard root Sw3#sh spanning-tree There is no DP port Sw2#sh spanning-tree 21 to 24 is DP Sw2 (config) #int range fa0/21 – 24 Sw2 (config-if) #spanning-tree guard root Sw1#sh spanning-tree DP is 19 and 20 Figure 6 STP Topology
STP Protection Sw1 (config) #int range fa0/19 – 20 Sw1 (config-if) #spanning-tree guard root Finally we enabled root guard on all the switches DP ports. Now we will make Sw3 as Root Bridge for vlan 1 Sw3 (config) #spanning-tree vlan 1 priority 0 Sw3#sh spanning-tree Sw4#sh spanning-tree Now we can see root guard send the port in root inconsistent mode. Sw3 (config) #no spanning-tree vlan 1 priority 0 Sw1#sh spanning-tree  Loop Guard It will apply on all non-DP and blocking port Sw1#sh spanning-tree Fa0/21 is the root port Sw1 (config) #int fa0/21 Sw1 (config-if) #spanning-tree guard loop Sw4 (config) #int fa0/21 Sw4 (config-if) #spanning-tree bpdufilter enable Sw1#sh spanning-tree Sw4 (config) #int fa0/21 Sw4 (config-if) #spanning-tree bpdufilter disable Sw1#sh spanning-tree  BPDU Guard Only applied on Access ports Sw1 (config) #int range fa0/1 – 18 Sw1 (config-if-range) #spanning-tree bpduguard enable Sw1 (config-if-range) #spanning-tree bpdufilter enable
STP Protection For globally enabling Sw1 (config) #spanning-tree portfast bpduguard default Sw1 (config) #spanning-tree portfast default Sw1 (config) #spanning-tree portfast bpdufilter default  UDLD Sw1 (config) #udld enable Sw1 (config) #udld aggressive Sw2 (config) #udld enable Sw2 (config) #udld aggressive Sw3 (config) #udld enable Sw3 (config) #udld aggressive Sw4 (config) #udld enable Sw4 (config) #udld aggressive

Recommended

Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muuluu
 
Layer 2 switching
Layer 2 switchingLayer 2 switching
Layer 2 switching
NetProtocol Xpert
 
Spanning tree protocol (stp)
Spanning tree protocol (stp)Spanning tree protocol (stp)
Spanning tree protocol (stp)
RaghulR21
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muhammad Arshad
 
Open shortest path first (ospf)
Open shortest path first (ospf)Open shortest path first (ospf)
Open shortest path first (ospf)
Respa Peter
 
STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)
Netwax Lab
 
Troubleshooting complex layer 2 issues ppt 16 bsit098
Troubleshooting complex layer 2 issues ppt 16 bsit098Troubleshooting complex layer 2 issues ppt 16 bsit098
Troubleshooting complex layer 2 issues ppt 16 bsit098
Quratulain baloch
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentalsEdgardo Scrimaglia
 

Recommended

Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muuluu
 
Layer 2 switching
Layer 2 switchingLayer 2 switching
Layer 2 switching
NetProtocol Xpert
 
Spanning tree protocol (stp)
Spanning tree protocol (stp)Spanning tree protocol (stp)
Spanning tree protocol (stp)
RaghulR21
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muhammad Arshad
 
Open shortest path first (ospf)
Open shortest path first (ospf)Open shortest path first (ospf)
Open shortest path first (ospf)
Respa Peter
 
STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)
Netwax Lab
 
Troubleshooting complex layer 2 issues ppt 16 bsit098
Troubleshooting complex layer 2 issues ppt 16 bsit098Troubleshooting complex layer 2 issues ppt 16 bsit098
Troubleshooting complex layer 2 issues ppt 16 bsit098
Quratulain baloch
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentalsEdgardo Scrimaglia
 
Routing protocols
Routing protocolsRouting protocols
Routing protocols
Sourabh Goyal
 
OpenFlow
OpenFlowOpenFlow
OpenFlow
Kingston Smiler
 
Difference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPDifference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTP
Netwax Lab
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
hazimalghalayini
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocol
Rafat Khandaker
 
SPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPANSPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPAN
NetProtocol Xpert
 
Free CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdfFree CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdf
Networkershome
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
Manoj Gharate
 
Ip services
Ip servicesIp services
Ip services
Student
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routing
Vikash Gangwar
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocol
Ameer Agel
 
VLAN ON PACKET TRACER
VLAN ON PACKET TRACERVLAN ON PACKET TRACER
VLAN ON PACKET TRACER
BIRLA VISHVAKARMA MAHAVIDYALAY
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
Smriti Tikoo
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
Nil Menon
 
Lan technologies
Lan technologiesLan technologies
Lan technologiesManusha Dilan
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to Hero
Dhruv Sharma
 
Tcp ip
Tcp ipTcp ip
Tcp ip
Dhani Ahmad
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTING
Kathirvel Ayyaswamy
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basic
Tapan Khilar
 
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
nicolelemmimg
 
Nxll24 i pv6
Nxll24 i pv6Nxll24 i pv6
Nxll24 i pv6
Netwax Lab
 

More Related Content

What's hot

Routing protocols
Routing protocolsRouting protocols
Routing protocols
Sourabh Goyal
 
OpenFlow
OpenFlowOpenFlow
OpenFlow
Kingston Smiler
 
Difference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPDifference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTP
Netwax Lab
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
hazimalghalayini
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocol
Rafat Khandaker
 
SPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPANSPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPAN
NetProtocol Xpert
 
Free CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdfFree CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdf
Networkershome
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
Manoj Gharate
 
Ip services
Ip servicesIp services
Ip services
Student
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routing
Vikash Gangwar
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocol
Ameer Agel
 
VLAN ON PACKET TRACER
VLAN ON PACKET TRACERVLAN ON PACKET TRACER
VLAN ON PACKET TRACER
BIRLA VISHVAKARMA MAHAVIDYALAY
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
Smriti Tikoo
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
Nil Menon
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to Hero
Dhruv Sharma
 
Tcp ip
Tcp ipTcp ip
Tcp ip
Dhani Ahmad
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTING
Kathirvel Ayyaswamy
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basic
Tapan Khilar
 

What's hot (20)

Routing protocols
Routing protocolsRouting protocols
Routing protocols
 
OpenFlow
OpenFlowOpenFlow
OpenFlow
 
Difference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPDifference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTP
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
Packet Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocolPacket Tracer: Cisco, Spanning tree protocol
Packet Tracer: Cisco, Spanning tree protocol
 
SPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPANSPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPAN
 
Free CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdfFree CCNP switching workbook by networkershome pdf
Free CCNP switching workbook by networkershome pdf
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
 
Ip services
Ip servicesIp services
Ip services
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routing
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocol
 
VLAN ON PACKET TRACER
VLAN ON PACKET TRACERVLAN ON PACKET TRACER
VLAN ON PACKET TRACER
 
Bgp
BgpBgp
Bgp
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
 
Lan technologies
Lan technologiesLan technologies
Lan technologies
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to Hero
 
Tcp ip
Tcp ipTcp ip
Tcp ip
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTING
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basic
 

Viewers also liked

119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
nicolelemmimg
 
Nxll24 i pv6
Nxll24 i pv6Nxll24 i pv6
Nxll24 i pv6
Netwax Lab
 
IP Address
IP AddressIP Address
IP Address
Netwax Lab
 
OSPF Route Filtering
OSPF Route FilteringOSPF Route Filtering
OSPF Route Filtering
Netwax Lab
 
Introduction of Networking
Introduction of NetworkingIntroduction of Networking
Introduction of Networking
Netwax Lab
 
Networking Devices
Networking DevicesNetworking Devices
Networking Devices
Netwax Lab
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
Netwax Lab
 
SSL Web VPN
SSL Web VPNSSL Web VPN
SSL Web VPN
Netwax Lab
 
TCP Intercept
TCP InterceptTCP Intercept
TCP Intercept
Netwax Lab
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6
Netwax Lab
 
OSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiOSPF (open shortest path first) part iii
OSPF (open shortest path first) part iii
Netwax Lab
 
VRF Configuration
VRF ConfigurationVRF Configuration
VRF Configuration
Netwax Lab
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iii
Netwax Lab
 
Wireless Technology
Wireless TechnologyWireless Technology
Wireless Technology
Netwax Lab
 
OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part ii
Netwax Lab
 
VLAN (virtual local area network)
VLAN (virtual local area network)VLAN (virtual local area network)
VLAN (virtual local area network)
Netwax Lab
 
Proxy Server
Proxy ServerProxy Server
Proxy Server
Netwax Lab
 
Why We Need IPv6
Why We Need IPv6Why We Need IPv6
Why We Need IPv6
Netwax Lab
 
Frame Relay
Frame RelayFrame Relay
Frame Relay
Netwax Lab
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunking
Netwax Lab
 

Viewers also liked (20)

119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
 
Nxll24 i pv6
Nxll24 i pv6Nxll24 i pv6
Nxll24 i pv6
 
IP Address
IP AddressIP Address
IP Address
 
OSPF Route Filtering
OSPF Route FilteringOSPF Route Filtering
OSPF Route Filtering
 
Introduction of Networking
Introduction of NetworkingIntroduction of Networking
Introduction of Networking
 
Networking Devices
Networking DevicesNetworking Devices
Networking Devices
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 
SSL Web VPN
SSL Web VPNSSL Web VPN
SSL Web VPN
 
TCP Intercept
TCP InterceptTCP Intercept
TCP Intercept
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6
 
OSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiOSPF (open shortest path first) part iii
OSPF (open shortest path first) part iii
 
VRF Configuration
VRF ConfigurationVRF Configuration
VRF Configuration
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iii
 
Wireless Technology
Wireless TechnologyWireless Technology
Wireless Technology
 
OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part ii
 
VLAN (virtual local area network)
VLAN (virtual local area network)VLAN (virtual local area network)
VLAN (virtual local area network)
 
Proxy Server
Proxy ServerProxy Server
Proxy Server
 
Why We Need IPv6
Why We Need IPv6Why We Need IPv6
Why We Need IPv6
 
Frame Relay
Frame RelayFrame Relay
Frame Relay
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunking
 

Similar to STP Protection

Attacking the spanning tree protocol
Attacking the spanning tree protocolAttacking the spanning tree protocol
Attacking the spanning tree protocolAsmadzakirah
 
Spaning Tree Protocol
Spaning Tree ProtocolSpaning Tree Protocol
Spaning Tree Protocol
Atakan ATAK
 
Stp defined
Stp definedStp defined
Stp defined
Azeem Ayaz
 
ENCOR_Capitulo 3.pptx
ENCOR_Capitulo 3.pptxENCOR_Capitulo 3.pptx
ENCOR_Capitulo 3.pptx
ManuelRojas960410
 
RSTP (rapid spanning tree protocol)
RSTP (rapid spanning tree protocol)RSTP (rapid spanning tree protocol)
RSTP (rapid spanning tree protocol)
Netwax Lab
 
Spanning Tree Protocol, from a future CCNA´s perspective.
Spanning Tree Protocol, from a future CCNA´s perspective.Spanning Tree Protocol, from a future CCNA´s perspective.
Spanning Tree Protocol, from a future CCNA´s perspective.
Gerald Paciello
 
ENCOR_Capitulo 2.pptx
ENCOR_Capitulo 2.pptxENCOR_Capitulo 2.pptx
ENCOR_Capitulo 2.pptx
ManuelRojas960410
 
Day 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHINGDay 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHING
anilinvns
 
LAYER 2 SWITCHING
LAYER 2 SWITCHINGLAYER 2 SWITCHING
LAYER 2 SWITCHING
anilinvns
 
C C N A Day4
C C N A Day4C C N A Day4
C C N A Day4
darulquthni
 
How STP works?
How STP works? How STP works?
How STP works?
NetProtocol Xpert
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
dkaya
 
Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)
Omar Herrera
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
Overview of Spanning Tree Protocol
Overview of Spanning Tree ProtocolOverview of Spanning Tree Protocol
Overview of Spanning Tree Protocol
Arash Foroughi
 
Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011Dân Chơi
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)
Peter R. Egli
 
Understanding stp-rstp-convergence
Understanding stp-rstp-convergenceUnderstanding stp-rstp-convergence
Understanding stp-rstp-convergence
Hazhir Yadegari
 
第15讲 Stp
第15讲 Stp第15讲 Stp
第15讲 StpF.l. Yu
 

Similar to STP Protection (20)

Attacking the spanning tree protocol
Attacking the spanning tree protocolAttacking the spanning tree protocol
Attacking the spanning tree protocol
 
Spaning Tree Protocol
Spaning Tree ProtocolSpaning Tree Protocol
Spaning Tree Protocol
 
Stp defined
Stp definedStp defined
Stp defined
 
ENCOR_Capitulo 3.pptx
ENCOR_Capitulo 3.pptxENCOR_Capitulo 3.pptx
ENCOR_Capitulo 3.pptx
 
RSTP (rapid spanning tree protocol)
RSTP (rapid spanning tree protocol)RSTP (rapid spanning tree protocol)
RSTP (rapid spanning tree protocol)
 
Spanning Tree Protocol, from a future CCNA´s perspective.
Spanning Tree Protocol, from a future CCNA´s perspective.Spanning Tree Protocol, from a future CCNA´s perspective.
Spanning Tree Protocol, from a future CCNA´s perspective.
 
ENCOR_Capitulo 2.pptx
ENCOR_Capitulo 2.pptxENCOR_Capitulo 2.pptx
ENCOR_Capitulo 2.pptx
 
Day 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHINGDay 4 LAYER 2 SWITCHING
Day 4 LAYER 2 SWITCHING
 
LAYER 2 SWITCHING
LAYER 2 SWITCHINGLAYER 2 SWITCHING
LAYER 2 SWITCHING
 
C C N A Day4
C C N A Day4C C N A Day4
C C N A Day4
 
How STP works?
How STP works? How STP works?
How STP works?
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
 
Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
Overview of Spanning Tree Protocol
Overview of Spanning Tree ProtocolOverview of Spanning Tree Protocol
Overview of Spanning Tree Protocol
 
Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011Ccna 3 chapter 5 v4.0 answers 2011
Ccna 3 chapter 5 v4.0 answers 2011
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)
 
CCNP Study Guide
CCNP Study GuideCCNP Study Guide
CCNP Study Guide
 
Understanding stp-rstp-convergence
Understanding stp-rstp-convergenceUnderstanding stp-rstp-convergence
Understanding stp-rstp-convergence
 
第15讲 Stp
第15讲 Stp第15讲 Stp
第15讲 Stp
 

More from Netwax Lab

Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static route
Netwax Lab
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Netwax Lab
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
Netwax Lab
 
Eincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionEincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route Redistribution
Netwax Lab
 
Nxll12 zone based firewall
Nxll12 zone based firewallNxll12 zone based firewall
Nxll12 zone based firewall
Netwax Lab
 
Nxll11 bgp
Nxll11 bgpNxll11 bgp
Nxll11 bgp
Netwax Lab
 
Nxll09 access list
Nxll09 access listNxll09 access list
Nxll09 access list
Netwax Lab
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarization
Netwax Lab
 
Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Nxll16 basic asa v8.2
Nxll16 basic asa v8.2
Netwax Lab
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting
Netwax Lab
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
Netwax Lab
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asa
Netwax Lab
 
Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)
Netwax Lab
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)
Netwax Lab
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
Netwax Lab
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failover
Netwax Lab
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp ii
Netwax Lab
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iii
Netwax Lab
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking ii
Netwax Lab
 
Eincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiEincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP ii
Netwax Lab
 

More from Netwax Lab (20)

Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static route
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
 
Eincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionEincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route Redistribution
 
Nxll12 zone based firewall
Nxll12 zone based firewallNxll12 zone based firewall
Nxll12 zone based firewall
 
Nxll11 bgp
Nxll11 bgpNxll11 bgp
Nxll11 bgp
 
Nxll09 access list
Nxll09 access listNxll09 access list
Nxll09 access list
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarization
 
Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Nxll16 basic asa v8.2
Nxll16 basic asa v8.2
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asa
 
Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failover
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp ii
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iii
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking ii
 
Eincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiEincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP ii
 

Recently uploaded

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 

STP Protection

  • 1. STP Protection Spanning Tree Protocol (STP) resolves physically redundant topologies into loop-free, tree-like topologies. The biggest issue with STP is that some hardware failures can cause it to fail. This failure creates forwarding loops (or STP loops). Major network outages are caused by STP loops. The loop guard STP feature that is intended to improve the stability of the Layer 2 networks. This document also describes Bridge Protocol Data Unit (BPDU) skew detection. BPDU skew detection is a diagnostic feature that generates syslog messages when BPDUs are not received in time. Figure 1 STP Protection
  • 2. STP Protection Feature Availability CatOS 1. The STP loop guard feature was introduced in CatOS version 6.2.1 of the Catalyst software for Catalyst 4000 and Catalyst 5000 platforms and in version 6.2.2 for the Catalyst 6000 platform. 2. The BPDU skew detection feature was introduced in CatOS version 6.2.1 of the Catalyst software for Catalyst 4000 and Catalyst 5000 platforms and in version 6.2.2 for the Catalyst 6000 platform. Cisco IOS 1. The STP loop guard feature was introduced in Cisco IOS Software Release 12.1(12c)EW for Catalyst 4500 switches and Cisco IOS Software Release 12.1(11b)EX for Catalyst 6500. 2. The BPDU skew detection feature is not supported in Catalyst switches running Cisco IOS system software. Brief Summary of STP Port Roles Internally, STP assigns to each bridge (or switch) port a role that is based on configuration, topology, relative position of the port in the topology, and other considerations. The port role defines the behavior of the port from the STP point of view. Based on the port role, the port either sends or receives STP BPDUs and forwards or blocks the data traffic. This list provides a brief summary of each STP port role: 1. Designated- One designated port is elected per link (segment). The designated port is the port closest to the root bridge. This port sends BPDUs on the link (segment) and forwards traffic towards the root bridge. In an STP converged network, each designated port is in the STP forwarding state. 2. Root- The bridge can have only one root port. The root port is the port that leads to the root bridge. In an STP converged network, the root port is in the STP forwarding state. 3. Alternate- Alternate ports lead to the root bridge, but are not root ports. The alternate ports maintain the STP blocking state. 4. Backup- This is a special case when two or more ports of the same bridge (switch) are connected together, directly or through shared media. In this case, one port is designated, and the remaining ports block. The role for this port is backup.
  • 3. STP Protection Root Guard It is a security feature of STP. It protects our network from root bridge changes. After enabling root guard, if any switch receives BPDU then it will put that port in root inconsistent state. It should apply on all designated trunk ports. We should not configure this feature between those switches which are performing STP load balancing. A feature when it receives BPDU then it put that port in error disable or root inconsistent state. Loop Guard It is a feature of STP. It should be enabling on all the Non-DP ports (root & blocking). After enabling loop guard if switch is receiving BPDUs on a switchport constantly then it will remain in working mode, but if it stops to receive BPDUs on switchport then it will put that switch port in loop inconsistent mode. It is a feature when it receives a BPDU, it remain silent, if it will not receive BPDU then it will put that port in loop inconsistent state or error disable state. (Note: always applied on Non-DP ports.) Consider this example in order to illustrate this behavior: Switch A is the root switch. Switch C does not receive BPDUs from switch B due to unidirectional link failure on the link between switch B and switch C. Without loop guard, the STP blocking port on switch C transitions to the STP listening state when the max_age timer expires, and then it transitions to the forwarding state in two times the forward_delay time. This situation creates a loop. Figure 2
  • 4. STP Protection With loop guard enabled, the blocking port on switch C transitions into STP loop-inconsistent state when the max_age timer expires. A port in STP loop-inconsistent state does not pass user traffic, so a loop is not created. (The loop-inconsistent state is effectively equal to blocking state.) BPDU Guard A feature when it receives BPDU it put that port in error disable mode. (Note: Always applied on access port.) For enable – shut & no shut BPDU Filter When we enable port fast then we save only 32 sec convergence time but STP is still working on the port, if we want to block STP completely on a port then we have to use BPDU filter. (Note: Always applied on access port.) Figure 3 Figure 4
  • 5. STP Protection BPDU Skew Detection STP operation relies heavily on the timely reception of BPDUs. At every hello_time message (2 seconds by default), the root bridge sends BPDUs. Non-root bridges do not regenerate BPDUs for each hello_time message, but they receive relayed BPDUs from the root bridge. Therefore, every non-root bridge should receive BPDUs on every VLAN for each hello_time message. In some cases, BPDUs are lost, or the bridge CPU is too busy to relay BPDU in a timely manner. These issues, as well as other issues, can cause BPDUs to arrive late (if they arrive at all). This issue potentially compromises the stability of the spanning tree topology. BPDU skew detection allows the switch to keep track of BPDUs that arrive late and to notify the administrator with syslog messages. For every port on which a BPDU has ever arrived late (or has skewed), skew detection reports the most recent skew and the duration of the skew (latency). It also reports the longest BPDU delay on this particular port. In order to protect the bridge CPU from overload, a syslog message is not generated every time BPDU skewing occurs. Messages are rate-limited to one message every 60 seconds. However, should the delay of BPDU exceed max_age divided by 2 (which equals 10 seconds by default), the message is immediately printed. (Note: BPDU skew detection is a diagnostic feature. Upon detection of BPDU skewing, it sends a syslog message. BPDU skew detection takes no further corrective action.) This is an example of a syslog message generated by BPDU skew detection: %SPANTREE-2-BPDU_SKEWING: BPDU skewed with a delay of 10 secs (max_age/2) UDLD (Unidirectional Link Detection) Figure 5 UDLD
  • 6. STP Protection UDLD was designed for fiber cables if there is an odd link failure in this situation link status would be up but communication is not possible. To detect this problem we enable UDLD. UDLD sends special message over the trunk and it hope that another switch must echo the same message with same link. If a switch receives echo message it means link is fine. Otherwise there is a problem with link. UDLD takes action according to its modes. UDLD Mode 1. Normal- Syslog Message send 2. Aggressive- (i) Re-establish (ii) Shut (iii) Message Loop Guard versus UDLD Loop guard and Unidirectional Link Detection (UDLD) functionality overlap, partly in the sense that both protect against STP failures caused by unidirectional links. However, these two features differ in functionality and how they approach the problem. This table describes loop guard and UDLD functionality: Functionality Loop Guard UDLD Configuration Per-port Per-port Action granularity Per-VLAN Per-port Autorecover Yes Yes, with err-disable timeout feature Protection against STP failures caused by unidirectional links Yes, when enabled on all root and alternate ports in redundant topology Yes, when enabled on all links in redundant topology Protection against STP failures caused by problems in the software (designated switch does not send BPDU) Yes No Protection against miswiring. No Yes
  • 7. STP Protection Example  Root Guard We enable root guard on all the Designated Port of Switches. Sw4#sh spanning tree Here we can see the Sw4 is the root bridge All the ports of Sw4 is DP Sw4 (config) #int range fa0/19 -24 Sw4 (config-if) #spanning-tree guard root Sw3#sh spanning-tree There is no DP port Sw2#sh spanning-tree 21 to 24 is DP Sw2 (config) #int range fa0/21 – 24 Sw2 (config-if) #spanning-tree guard root Sw1#sh spanning-tree DP is 19 and 20 Figure 6 STP Topology
  • 8. STP Protection Sw1 (config) #int range fa0/19 – 20 Sw1 (config-if) #spanning-tree guard root Finally we enabled root guard on all the switches DP ports. Now we will make Sw3 as Root Bridge for vlan 1 Sw3 (config) #spanning-tree vlan 1 priority 0 Sw3#sh spanning-tree Sw4#sh spanning-tree Now we can see root guard send the port in root inconsistent mode. Sw3 (config) #no spanning-tree vlan 1 priority 0 Sw1#sh spanning-tree  Loop Guard It will apply on all non-DP and blocking port Sw1#sh spanning-tree Fa0/21 is the root port Sw1 (config) #int fa0/21 Sw1 (config-if) #spanning-tree guard loop Sw4 (config) #int fa0/21 Sw4 (config-if) #spanning-tree bpdufilter enable Sw1#sh spanning-tree Sw4 (config) #int fa0/21 Sw4 (config-if) #spanning-tree bpdufilter disable Sw1#sh spanning-tree  BPDU Guard Only applied on Access ports Sw1 (config) #int range fa0/1 – 18 Sw1 (config-if-range) #spanning-tree bpduguard enable Sw1 (config-if-range) #spanning-tree bpdufilter enable
  • 9. STP Protection For globally enabling Sw1 (config) #spanning-tree portfast bpduguard default Sw1 (config) #spanning-tree portfast default Sw1 (config) #spanning-tree portfast bpdufilter default  UDLD Sw1 (config) #udld enable Sw1 (config) #udld aggressive Sw2 (config) #udld enable Sw2 (config) #udld aggressive Sw3 (config) #udld enable Sw3 (config) #udld aggressive Sw4 (config) #udld enable Sw4 (config) #udld aggressive