Can anyone explain the STP Security features. Just like BPDU
guard, Root Guard.
Hi JITENDERA, i m specially looking for u?????
- 2 Answers
- 5862 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / jitendera kumar sinha
Spanning Tree Protocol Features
1 Bridge Protocol Data Unit (BPDU) Guard
2 Root Guard
3 EtherChannel Guard
4 Loop Guard
these 4 are major spaing tree feature
for understand that at first we must understand the spaing
tree term
root bridge-it is the bridge with the best bridge id.it is
the focal point of the network and which point is block and
which point is in forwading mode is are made from the root
bridge.
here comes bpdu gurd
slection cretirea of root bridge depend upon BPdu default
vale 2 sec.
each bpdu conatin
1 mac address
2 bridge priorty(32768 default)
3 bridge identy
so
BPDU contains management and control data information that
is used to determine the root bridge and establish the port
roles—for example: root, designated, or blocked port.
2 root port-.the root port is alway link directly conected
to root bridge.if there is more then one link then port
cost is detirmine if port cost is smae then bridge identy
comes in account
here comes root gurd
in a shairesd swiched envorment where there is many
conection betwen switches it is important to identify the
correct placement of the root bridge.With the Root Guard
feature, a Layer 2 interface is set as the designated port,
and if any device through this port becomes the root
bridge, the interface is placed into the blocked stae
this is all about root gurd
i will expalin two parametar tomorrow because i have some
work
thanks
jitendera kumar sinha
| Is This Answer Correct ? | 1 Yes | 0 No |
Answer / jitendera kumar sinha
here is 3rd answer
ehternet gurd is also known as port securty
let undersatnd what is that
UnderstandingHow PortSecurity Works:
You can use port security to block input to an Ethernet,
Fast Ethernet, or Gigabit Ethernet
port when the MAC address of the station attempting to
access the port is different from
any of the MAC addresses specified for that port.
Alternatively, you can use port security
to filter traffic destined to or received from a specific
host based on the host MAC
address.
When a secure port receives a packet, the source MAC
address of the packet is compared
to the list of secure source addresses that were manually
configured or autoconfigured
(learned) on the port. If a MAC address of a device
attached to the port differs from the
list of secure addresses, the port either shuts down
permanently (default mode), shuts
down for the time you have specified, or drops incoming
packets from the insecure host.
The port's behavior depends on how you configure it to
respond to a security violation.
If a security violation occurs, the Link LED for that port
turns orange, and a link-down
trap is sent to the Simple Network Management Protocol
(SNMP) manager. An SNMP
trap is not sent if you configure the port for restrictive
violation mode. A trap is sent only
if you configure the port to shut down during a security
violation
| Is This Answer Correct ? | 1 Yes | 0 No |
"sap" is used by the Cisco IOS for which encapsulation types? A. Ethernet_802.2 B. Token-Ring C. FDDI_SNAP D. Ethernet_802.3 E. FDDI_802.2
What does vlan provide?
What is the difference between OSPF Exteral Type 1 (O E1) & External Type 2 (O E2) routes????
Which command listed below sets the banner message when someone connects to the router? A.) message # B.) banner # C.) login banner # D.) description # E.) login description # F.) banner motd #
Identify the type of routing protocol that maintains a topological database of the network? A.) Topological state B.) Shortest Path First C.) Link state D.) Distance vector
Explain the benefits of VLANs.
What metric does rip use? How is the metric used to indicate an unreachable network?
Explain the difference between simple authentication and md5?
Which of the following is an example of the Physical Layer? A.) SQL B.) IP C.) LLC D.) Token Ring E.) FDDI F.) TCP
Which mode we can't skip when we come back from interface mode?
what is the difference between dynamic NAT and NAT overload ? and how it works ?
Which global configuration command will tell the router to load the IOS file 'IOS_filename' from the Network File server at 1.2.3.4 during the next boot? A.) boot system flash IOS_filename 1.2.3.4 B.) boot system tftp IOS_filename 1.2.3.4 C.) config-register 0x0 1.2.3.4 D.) boot system rom 1.2.3.4 E.) This can not be done, only the first file in flash can be used.
CCNA 
