Hi Donald, I don't want to err-disable the port. Just do an authentication based on MAC address or else BPDU generated from the switch. So I would like to talk about STP AUTHENTICATION which can be done to authenticate the switch.
Why didn't people invent any STP Authentication mechanism? Is there anything which is not pushing them to write an RFC on STP Authentication?

On Fri, Jan 13, 2012 at 10:39 AM, Donald Robb <[email protected]> wrote:

> The protocols are Cisco proprietary but that doesn't mean that other vendors
> don't have similar features, Juniper switches call bpduguard BPDU-Protect
> for example.
> Anyway the basic functionality is the same across vendors if the switch
> detects a BPDU from any device it will disable the port etc.
>
> Cheers,
> Donald Robb
> Productive Networks / Network Consultant
> ______________________________________________________________
> CCIE Written, CCIP, CCSP, CCDP, CCNP, CCNA: Voice, JNCIP, SCP, MCSA 2003,
> Security+, CCSE.R65, PACE
> Experts-Exchange: Guru - R&S
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of CCIE KID
> Sent: January-12-12 9:40 PM
> To: Pedram Zadeh
> Cc: CCIE OSL; Cisco certification
> Subject: Re: [OSL | CCIE_RS] OT: Authentication in STP
>
> Hi Pedram,
>
> All the protocols which u guys say is CISCO PROPRIETARY .. Is there any open
> standard protocol which does this job. If I connect an Alcatel Lucent switch
> or else a Juniper Switch, how will a Cisco Switch react..
>
> So that's what the whole point here?
>
> On Fri, Jan 13, 2012 at 10:03 AM, Pedram Zadeh <[email protected]> wrote:
>
> > For this goal, you should configure *all* access ports as portfast and
> > also configure spanning-tree portfast bpduguard default. If any rogue
> > switch gets connected and starts to participate in STP process, the port
> > will be put in err-disable mode and they should get administrator to
> > resolve it!
> > syslog and snmp trap also can be configured to notify admin as well.
> >
> > On Fri, Jan 13, 2012 at 2:18 PM, CCIE KID <[email protected]> wrote:
> >
> >> Hi buddy,
> >>
> >> We are using VTP in Transparent mode. So it is literally turning off VTP.
> >> It is not all about VTP password. Customer wants to check a
> >> particular switch when connected to the network should be a
> >> legitimate switch and it should be checked against a database to
> >> authenticate whether it is a legitimate switch or a rogue switch.
> >>
> >> That's what I am looking for some authentication with respect to STP.
> >>
> >> On Fri, Jan 13, 2012 at 4:44 AM, WaLeEd AlShErIf <[email protected]> wrote:
> >>
> >> > I agree with David, you need to use VTP password, here is a link for it
> >> >
> >> > http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
> >> >
> >> > Yours,
> >> > Waleed
> >> >
> >> > *From:* David Sudjiman <[email protected]>
> >> > *To:* CCIE KID <[email protected]>
> >> > *Cc:* CCIE OSL <[email protected]>; Cisco certification <[email protected]>
> >> > *Sent:* Thursday, January 12, 2012 11:56 PM
> >> > *Subject:* Re: [OSL | CCIE_RS] OT: Authentication in STP
> >> >
> >> > Your customer didn't mistakenly read about VTP password?
> >> >
> >> > Regards,
> >> > David Sudjiman
> >> > (Sent from Mobile)
> >> >
> >> > On 13/01/2012, at 5:22 AM, CCIE KID <[email protected]> wrote:
> >> >
> >> > > Hi fellas,
> >> > >
> >> > > My customer is asking for any authentication in STP. Can someone tell me
> >> > > that if there is any Authentication mechanism in STP to validate to correct
> >> > > bridges with some hash value and try to avoid rogue bridges with this. I
> >> > > searched in RFC's and I guess there is no Authentication mechanism in STP.
> >> > > So is there any other IEEE standard for STP Authentication.
> >> > > I found Cisco Proprietary Root Guards which basically tells avoid
> >> > > any superior BPDUs and avoid that port as Root port.
> >> > >
> >> > > I know Root Guard doesn't do any authentication. But is there any other
> >> > > mechanism where can do authenticating the bridges in STP logic
> >> > >
> >> > > I believe Radia Perlman is still kicking for this :)
> >> > >
> >> > > --
> >> > > With Warmest Regards,
> >> > >
> >> > > CCIE KID
> >> > > CCIE#29992 (Security)
> >> > > _______________________________________________
> >> > > For more information regarding industry leading CCIE Lab training,
> >> > > please visit www.ipexpert.com
> >> > >
> >> > > Are you a CCNP or CCIE and looking for a job? Check out
> >> > > www.PlatinumPlacement.com <http://www.platinumplacement.com/>
> >> > >
> >> > > http://onlinestudylist.com/mailman/listinfo/ccie_rs
> >>
> >> --
> >> With Warmest Regards,
> >>
> >> CCIE KID
> >> CCIE#29992 (Security)
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)

--
With Warmest Regards,

CCIE KID
CCIE#29992 (Security)
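
The "check the switch against a database" idea from this thread can be run as monitoring on captured BPDUs; the following is an added example, not code from any poster on the list. It parses 802.1D configuration BPDUs and flags bridge IDs missing from an inventory or claiming a better root than the expected one. `KNOWN_BRIDGES`, `EXPECTED_ROOT` and all MAC addresses are constructed values, and because a BPDU carries no integrity field, a match is an inventory check and not authentication.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")   # IEEE bridge group address
LLC_STP = b"\x42\x42\x03"                 # DSAP/SSAP 0x42, UI control field

# Hypothetical inventory of legitimate bridges (constructed values).
KNOWN_BRIDGES = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
EXPECTED_ROOT = (4096, "00:11:22:33:44:01")   # (priority, MAC)

def _bridge_id(raw):
    prio, = struct.unpack("!H", raw[:2])
    return prio, ":".join(f"{b:02x}" for b in raw[2:8])

def parse_bpdu(frame):
    """Return a dict for an 802.3/LLC spanning-tree BPDU, or None."""
    if len(frame) < 21 or frame[:6] != STP_DST or frame[14:17] != LLC_STP:
        return None
    body = frame[17:]
    proto, version, btype = struct.unpack("!HBB", body[:4])
    if proto != 0:
        return None
    info = {"src": ":".join(f"{b:02x}" for b in frame[6:12]), "type": btype}
    if btype in (0x00, 0x02) and len(body) >= 35:   # config or RST BPDU
        info["root"] = _bridge_id(body[5:13])
        info["bridge"] = _bridge_id(body[17:25])
    return info

def check_bpdu(frame, access_port):
    """Return the list of findings for one captured frame."""
    bpdu = parse_bpdu(frame)
    if bpdu is None:
        return []
    findings = ["bpdu-on-access-port"] if access_port else []
    if "bridge" in bpdu:
        if bpdu["bridge"][1] not in KNOWN_BRIDGES:
            findings.append("unknown-bridge")
        if bpdu["root"] < EXPECTED_ROOT:          # lower bridge ID wins election
            findings.append("superior-root-claim")
    return findings

def sample_frame(prio, mac):
    """Constructed config BPDU in which `mac` announces itself as root."""
    m = bytes.fromhex(mac.replace(":", ""))
    bid = struct.pack("!H", prio) + m
    body = (struct.pack("!HBBB", 0, 0, 0, 0) + bid + struct.pack("!I", 0) + bid
            + struct.pack("!HHHHH", 0x8001, 0, 20 * 256, 2 * 256, 15 * 256))
    return STP_DST + m + struct.pack("!H", 3 + len(body)) + LLC_STP + body
```
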
