For this goal, you should configure *all* access ports as portfast and also configure spanning-tree portfast bpduguard default. If any rogue switch gets connected and starts to participate in the STP process, the port will be put in err-disable mode and they should get the administrator to resolve it! Syslog and SNMP traps can also be configured to notify the admin as well.

On Fri, Jan 13, 2012 at 2:18 PM, CCIE KID <[email protected]> wrote:

> Hi buddy,
>
> We are using VTP in Transparent mode. So it is literally turning off VTP.
> It is not all about VTP password. Customer wants to check a particular
> switch when connected to the network should be a legitimate switch and it
> should be checked against a database to authenticate whether it is a
> legitimate switch or a rogue switch.
>
> That's what I am looking for, some authentication with respect to STP.
>
> On Fri, Jan 13, 2012 at 4:44 AM, WaLeEd AlShErIf <[email protected]> wrote:
>
> > I agree with David, you need to use VTP password, here is a link for it
> >
> > http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
> >
> > Yours,
> > Waleed
> >
> > *From:* David Sudjiman <[email protected]>
> > *To:* CCIE KID <[email protected]>
> > *Cc:* CCIE OSL <[email protected]>; Cisco certification <[email protected]>
> > *Sent:* Thursday, January 12, 2012 11:56 PM
> > *Subject:* Re: [OSL | CCIE_RS] OT: Authentication in STP
> >
> > Your customer didn't mistakenly read about VTP password?
> >
> > Regards,
> > David Sudjiman
> > (Sent from Mobile)
> >
> > On 13/01/2012, at 5:22 AM, CCIE KID <[email protected]> wrote:
> >
> > > Hi fellas,
> > >
> > > My customer is asking for any authentication in STP. Can someone tell me
> > > that if there is any Authentication mechanism in STP to validate to correct
> > > bridges with some hash value and try to avoid rogue bridges with this. I
> > > searched in RFCs and I guess there is no Authentication mechanism in STP.
> > > So is there any other IEEE standard for STP Authentication.
> > > I found Cisco Proprietary Root Guards which basically tells avoid any
> > > superior BPDUs and avoid that port as Root port.
> > >
> > > I know Root Guard doesn't do any authentication. But is there any other
> > > mechanism where can do authenticating the bridges in STP logic
> > >
> > > I believe Radia Perlman is still kicking for this :)
> > >
> > > --
> > > With Warmest Regards,
> > >
> > > CCIE KID
> > > CCIE#29992 (Security)
> > > _______________________________________________
> > > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
> > >
> > > Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com <http://www.platinumplacement.com/>
> > >
> > > http://onlinestudylist.com/mailman/listinfo/ccie_rs
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)
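
The top reply mentions syslog as a way to notify the administrator when BPDU Guard err-disables a port. The following Python script is an added example, not part of the original thread: it scans collector output for those events and lists the ports that need attention. The log layout, hostnames, ports and function names are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample ("<time> <host> <message>"); hosts and ports are made up.
# The two %-mnemonics are what Cisco IOS logs when BPDU Guard shuts a port.
SAMPLE_LOG = """\
2012-01-13T14:20:01 sw-access-01 %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
2012-01-13T14:20:03 sw-access-01 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/5 with BPDU Guard enabled. Disabling port.
2012-01-13T14:20:03 sw-access-01 %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
2012-01-13T14:25:40 sw-access-02 %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
2012-01-13T14:31:12 sw-access-02 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/9 with BPDU Guard enabled. Disabling port.
"""

LINE = re.compile(r"^(?P<time>\S+)\s+(?P<host>\S+)\s+.*?%(?P<mnemonic>[A-Z0-9_]+-\d-[A-Z0-9_]+):\s*(?P<text>.*)$")
BLOCK = re.compile(r"Received BPDU on port (?P<port>\S+) with BPDU Guard enabled")
ERRDIS = re.compile(r"(?P<cause>\S+) error detected on (?P<port>[^,\s]+),")


def bpduguard_events(log_text):
    """Map (host, port) -> record for every port where BPDU Guard fired."""
    events = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        if m["mnemonic"] == "SPANTREE-2-BLOCK_BPDUGUARD":
            hit, field = BLOCK.search(m["text"]), "bpdu_seen"
        elif m["mnemonic"] == "PM-4-ERR_DISABLE":
            hit, field = ERRDIS.search(m["text"]), "err_disabled"
            if hit and hit["cause"] != "bpduguard":
                hit = None  # port security, UDLD etc. are not STP events
        else:
            continue
        if hit:
            rec = events.setdefault((m["host"], hit["port"]), {
                "first_seen": m["time"], "bpdu_seen": False, "err_disabled": False})
            rec[field] = True
    return events


def alerts(log_text):
    """One line per affected port, sorted by switch and port, for the admin."""
    out = []
    for (host, port), rec in sorted(bpduguard_events(log_text).items()):
        state = "err-disabled" if rec["err_disabled"] else "BPDU seen, err-disable not confirmed"
        out.append(f"{rec['first_seen']} {host} {port}: {state}")
    return out

if __name__ == "__main__":
    print("\n".join(alerts(SAMPLE_LOG)))
```

A port reported as "BPDU seen, err-disable not confirmed" means the matching %PM-4-ERR_DISABLE line never reached the collector, which is worth checking on the switch itself.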
