Enhancing STP and Configuring STP Protection Functions part 3

27 0 0 0

Root Protection

3.1 Context
 

151042ednad2jqpnzopdmm.jpg

3.2 Basic Concepts
 

151042gaqjeeaoxtzeziqt.jpg


If SW1 receives superior BPDUs on GE0/0/24 enabled with root protection, SW1 switches the port to the Discarding state. In this way, root protection enforces the root bridge position of SW1.

3. Configuration and Implementation
 

151042x3h8hhfho6kg4vvf.jpg


[SW1] display stp brief
 
MSTID     Port                 Role    STP State         Protection
   0      GigabitEthernet6/0/22   DESI    FORWARDING    NONE
   0      GigabitEthernet6/0/24 DESI     DISCARDING   ROOT

Enable root protection on GE0/0/24. This function ensures that the port is the designated port, and thereby secures the position of the root bridge. Root protection takes effect only on designated ports.

TC Protection
 

151116nzm5bn5vcu80vvcv.jpg

·         After receiving TC BPDUs, a switch will delete MAC address entries and ARP entries. If attackers forge TC BPDUs to attack the switch, the switch deletes MAC address entries and ARP entries frequently. The switch is heavily burdened, causing potential risks to the network.

·         If TC protection is enabled on the switch, after receiving a TC BPDU, the switch starts the timer at an interval of 10 seconds. In this period, if the switch receives another TC BPDU, the switch can delete MAC address entries and ARP entries once at most to protect the switch.

 

 

To learn more:


Enhancing STP and Configuring STP Protection Functions part 1


Enhancing STP and Configuring STP Protection Functions part 2


Enhancing STP and Configuring STP Protection Functions part 4
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top