Hi Adam,

I am looking to check the device legitimacy based on BPDU or using the MAC address generated by the switch.

When a switch is connected, what is the first packet it is going to generate, and what will the port status be when it comes into the picture? When a switch is connected to your network, the very first packets are going to be discovery packets. So possibly doing MAC security is much more than STP authentication. Is that what you are explaining, Adam? Or is it different?

On Fri, Jan 13, 2012 at 9:41 AM, Adam Booth <[email protected]> wrote:

> Maybe implementing some processes like shutting down unused ports and
> putting them into invalid VLANs, and potentially doing something when you
> see an alarm when a port flaps.
>
> What you describe sounds more like a network discovery/inventory
> management problem actually. Tentatively you could check CDP/LLDP
> neighbors to find rogue devices.
>
> Tentatively you could look at 802.1AE (MACSec) but I think it's overkill.
>
> On Fri, Jan 13, 2012 at 1:18 PM, CCIE KID <[email protected]> wrote:
>
>> Hi buddy,
>>
>> We are using VTP in Transparent mode. So it is literally turning off VTP.
>> It is not all about the VTP password. The customer wants to check that a
>> particular switch, when connected to the network, is a legitimate switch,
>> and it should be checked against a database to authenticate whether it is
>> a legitimate switch or a rogue switch.
>>
>> That's what I am looking for: some authentication with respect to STP.
>>
>> On Fri, Jan 13, 2012 at 4:44 AM, WaLeEd AlShErIf <[email protected]> wrote:
>>
>> > I agree with David, you need to use a VTP password. Here is a link for it:
>> >
>> > http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
>> >
>> > Yours,
>> > Waleed
>> >
>> > *From:* David Sudjiman <[email protected]>
>> > *To:* CCIE KID <[email protected]>
>> > *Cc:* CCIE OSL <[email protected]>; Cisco certification <[email protected]>
>> > *Sent:* Thursday, January 12, 2012 11:56 PM
>> > *Subject:* Re: [OSL | CCIE_RS] OT: Authentication in STP
>> >
>> > Your customer didn't mistakenly read about VTP password?
>> >
>> > Regards,
>> > David Sudjiman
>> > (Sent from Mobile)
>> >
>> > On 13/01/2012, at 5:22 AM, CCIE KID <[email protected]> wrote:
>> >
>> > > Hi fellas,
>> > >
>> > > My customer is asking for any authentication in STP. Can someone tell
>> > > me if there is any authentication mechanism in STP to validate the
>> > > correct bridges with some hash value and try to avoid rogue bridges
>> > > with this? I searched in the RFCs and I guess there is no
>> > > authentication mechanism in STP. So is there any other IEEE standard
>> > > for STP authentication?
>> > > I found Cisco proprietary Root Guard, which basically tells the port
>> > > to avoid any superior BPDUs and avoid that port as Root port.
>> > >
>> > > I know Root Guard doesn't do any authentication. But is there any
>> > > other mechanism which can do authentication of the bridges in STP
>> > > logic?
>> > >
>> > > I believe Radia Perlman is still kicking for this :)
>> > >
>> > > --
>> > > With Warmest Regards,
>> > >
>> > > CCIE KID
>> > > CCIE#29992 (Security)
>> > > _______________________________________________
>> > > For more information regarding industry leading CCIE Lab training,
>> > > please visit www.ipexpert.com
>> > >
>> > > Are you a CCNP or CCIE and looking for a job? Check out
>> > > www.PlatinumPlacement.com <http://www.platinumplacement.com/>
>> > >
>> > > http://onlinestudylist.com/mailman/listinfo/ccie_rs
>>
>> --
>> With Warmest Regards,
>>
>> CCIE KID
>> CCIE#29992 (Security)

--
With Warmest Regards,

CCIE KID
CCIE#29992 (Security)
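
The inventory check suggested in the thread (compare CDP/LLDP neighbors against a database of legitimate switches), as an added example that is not part of the original messages. The inventory, port names and neighbor records are constructed sample data, and the record layout is an assumption. CDP and LLDP advertisements are unauthenticated, so this flags inventory drift and does not authenticate the neighbor.

```python
import re

def norm_mac(mac):
    """Normalise 0011.2233.4455, 00:11:22:33:44:55 or 00-11-22-33-44-55 to 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

# Constructed inventory: chassis ID -> (expected name, local port it may appear on).
INVENTORY = {
    norm_mac("0011.2233.4455"): ("dist-sw1", "Gi1/0/1"),
    norm_mac("00:11:22:33:44:66"): ("dist-sw2", "Gi1/0/2"),
}

# Constructed neighbor records, as they might be collected from LLDP/CDP:
# (local port, advertised chassis ID, advertised system name).
NEIGHBORS = [
    ("Gi1/0/1", "00:11:22:33:44:55", "dist-sw1"),   # expected uplink
    ("Gi1/0/7", "0011.2233.4466", "dist-sw2"),      # known switch, wrong port
    ("Gi1/0/9", "de-ad-be-ef-00-01", "sw-lab"),     # not in inventory
    ("Gi1/0/2", "0011.2233.4466", "core-sw9"),      # name does not match record
]

def audit(neighbors, inventory):
    """Return (port, chassis_id, reason) for every neighbor that fails a check."""
    findings = []
    for port, chassis, name in neighbors:
        try:
            key = norm_mac(chassis)
        except ValueError:
            findings.append((port, chassis, "malformed chassis ID"))
            continue
        record = inventory.get(key)
        if record is None:
            findings.append((port, key, "unknown device"))
            continue
        exp_name, exp_port = record
        if port != exp_port:
            findings.append((port, key, f"expected on {exp_port}"))
        elif name != exp_name:
            findings.append((port, key, f"name mismatch, expected {exp_name}"))
    return findings

if __name__ == "__main__":
    for finding in audit(NEIGHBORS, INVENTORY):
        print(*finding, sep="  ")
```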
