Cisco CCNA Study Guide - Router Alley

More documents

Recommendations

Info

CCNA Study Guide v2.62 – Aaron Balchunas 60 STP BackboneFast While UplinkFast allows faster convergence if a directly-connected interface fails, BackboneFast provides the same benefit is an indirectly-connected interface fails. For example, if the Root Bridge fails, another switch will be elected the Root. A switch learning about the new Root Bridge must wait its Max Age timer to flush out the old information, before it will accept the updated info. By default, the Max Age timer is 20 seconds. BackboneFast allows a switch to bypass the Max Age timer if it detects an indirect failure on the network. It will update itself with the new Root info immediately. BackboneFast is configured globally, and should be implemented on all switches in the network when used: Switch(config)# spanning-tree backbonefast Protecting STP STP is vulnerable to attack for two reasons: • STP builds its topology information by accepting a neighboring switch’s BPDU’s. • The Root Bridge is always determined by the lowest Bridge ID. Switches with a low priority can be maliciously placed on the network, and elected the Root Bridge. This may result in a suboptimal or unstable STP topology. Cisco implemented three mechanisms to protect the STP topology: • Root Guard • BPDU Guard • BPDU Filtering All three mechanisms are configured on an individual interface basis, and are disabled by default. When enabled, these mechanisms apply to all VLANs for that particular interface. (Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swstpopt.html) * * * All original material copyright © 2013 by Aaron Balchunas (aaron@routeralley.com), unless otherwise noted. All other material copyright © of their respective owners. This material may be copied and used freely, but may not be altered or sold without the expressed written consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
CCNA Study Guide v2.62 – Aaron Balchunas 61 Root Guard Root Guard prevents an unauthorized switch from advertising itself as a Root Bridge. Switch(config)# interface fa0/10 Switch(config-if)# spanning-tree guard root The above command will prevents the switch from accepting a new Root Bridge off of the fa0/10 interface. If a Root Bridge advertises itself to this port, the port will enter a root-inconsistent state (a pseudo-blocking state): Switch# show spanning-tree inconsistentports Name Interface Inconsistency -------------------- -------------------- ------------------ VLAN100 FastEthernet0/10 Root Inconsistent BPDU Guard and BPDU Filtering BPDU Guard is employed on interfaces that are PortFast-enabled. Under normal circumstances, a PortFast-enabled interface connects to a host device, and thus the interface should never receive a BPDU. If another switch is accidentally or maliciously connected into a PortFast interface, BPDU Guard will place the interface into an errdisable state. More accurately, if an interface configured for BPDU Guard receives a BPDU, then the errdisable state will occur. To enable BPDU Guard: Switch(config)# interface fa0/10 Switch(config-if)# spanning-tree bpduguard enable To take an interface out of an errdisable state, simply disable and re-enable the interface: Switch(config)# interface fa0/10 Switch(config-if)# shutdown Switch(config-if)# no shutdown BPDU Filtering essentially disables STP on a particular interface, by preventing it from sending or receiving BPDU’s: Switch(config)# interface fa0/10 Switch(config-if)# spanning-tree bpdufilter enable * * * All original material copyright © 2013 by Aaron Balchunas (aaron@routeralley.com), unless otherwise noted. All other material copyright © of their respective owners. This material may be copied and used freely, but may not be altered or sold without the expressed written consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
Page 1 and 2:
CCNA Study Guide v2.62 - Aaron Balc
Page 3 and 4:
Page 5 and 6:
Page 7 and 8:
Page 9 and 10: CCNA Study Guide v2.62 - Aaron Balc
Page 59: CCNA Study Guide v2.62 - Aaron Balc
Page 75: CCNA Study Guide v2.62 - Aaron Balc
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
Page 302 and 303:
Page 304:
show all

Cisco CCNA Study Guide - Router Alley

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?