Preventing STP Manipulation Attacks

To mitigate STP manipulation, use the root guard and BPDU guard features in Cisco IOS Software. These commands enforce the placement of the root bridge and the borders of the STP domain. The STP root guard feature is designed to enforce the placement of the root bridge in the network. The STP BPDU guard feature is used to keep the active network topology predictable.

Example 14-2 shows BPDU guard being enabled, using PortFast, to disable ports upon detection of a BPDU message and to disable ports that would become the root bridge because of their BPDU advertisement.
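The following configuration is an added illustration of the two features described above; it is not the book's Example 14-2. The interface names, descriptions and the 300-second recovery interval are constructed for the example.

```cisco
! Added example, not from the original text. Interface names are constructed.
!
! Global default: any port running PortFast also gets BPDU guard.
spanning-tree portfast bpduguard default
!
! Access port facing an end host. No BPDU should ever arrive here,
! so the port is err-disabled as soon as one is received.
interface FastEthernet0/1
 description end-host access port (constructed)
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Port facing a downstream switch that must never supply the root bridge.
! A superior BPDU puts the port in the root-inconsistent state instead of
! letting the root move; the port recovers once superior BPDUs stop.
interface GigabitEthernet0/1
 description downlink to access-layer switch (constructed)
 spanning-tree guard root
!
! Optional: bring BPDU-guard err-disabled ports back automatically.
! The interval is an assumption; choose one that suits local operations.
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Verification from privileged EXEC mode:
!   show spanning-tree summary
!   show spanning-tree inconsistentports
!   show interfaces status err-disabled
```

A port shut down by BPDU guard stays err-disabled until it is re-enabled manually or by errdisable recovery, so the err-disabled list is also a useful place to look for hosts that sent unexpected BPDUs.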
