It seems that Juniper also supports the BPDU guard feature! At least they refer to it in their document:
http://www.juniper.net/us/en/local/pdf/implementation-guides/8010002-en.pdf

On Fri, Jan 13, 2012 at 3:58 PM, CCIE KID <[email protected]> wrote:

> No, I am talking about having Juniper switches on distribution and access
> layer switches as Cisco.
> So probably when you connect a Cisco switch towards the distribution switch.
>
> 802.1x is the port based authentication. So probably my customer is
> focussed more on devices rather than the ports it is connected to.
> So probably one idea is to use MAC based authentication or else inside
> BPDUs we will use a hash value which we can create
> something and validate.
>
> On Fri, Jan 13, 2012 at 10:23 AM, Pedram Zadeh <[email protected]> wrote:
>
>> And, besides, if you have a Cisco switch on one side, that solution still
>> works because you implement it on your Cisco switch. STP BPDU is not Cisco
>> proprietary, so a Juniper switch will also send BPDUs.
>>
>> On Fri, Jan 13, 2012 at 3:40 PM, CCIE KID <[email protected]> wrote:
>>
>>> Hi Pedram,
>>>
>>> All the protocols which you guys say are CISCO PROPRIETARY. Is there any
>>> open standard protocol which does this job? If I connect an Alcatel Lucent
>>> switch or else a Juniper switch, how will a Cisco switch react?
>>>
>>> So that's what the whole point is here?
>>>
>>> On Fri, Jan 13, 2012 at 10:03 AM, Pedram Zadeh
>>> <[email protected]> wrote:
>>>
>>>> For this goal, you should configure *all* access ports as portfast and
>>>> also configure spanning-tree portfast bpduguard default. If any rogue
>>>> switch gets connected and starts to participate in the STP process, the
>>>> port will be put in err-disable mode and they should get an administrator
>>>> to resolve it! Syslog and SNMP traps can also be configured to notify the
>>>> admin as well.
>>>>
>>>> On Fri, Jan 13, 2012 at 2:18 PM, CCIE KID <[email protected]> wrote:
>>>>
>>>>> Hi buddy,
>>>>>
>>>>> We are using VTP in Transparent mode. So it is literally turning off
>>>>> VTP.
>>>>> It is not all about VTP password.
>>>>> Customer wants to check a particular switch when connected to the
>>>>> network should be a legitimate switch and it should be checked against
>>>>> a database to authenticate whether it is a legitimate switch or a
>>>>> rogue switch.
>>>>>
>>>>> That's what I am looking for, some authentication with respect to STP.
>>>>>
>>>>> On Fri, Jan 13, 2012 at 4:44 AM, WaLeEd AlShErIf <[email protected]> wrote:
>>>>>
>>>>> > I agree with David, you need to use VTP password, here is a link for it
>>>>> >
>>>>> > http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
>>>>> >
>>>>> > Yours,
>>>>> > Waleed
>>>>> >
>>>>> > *From:* David Sudjiman <[email protected]>
>>>>> > *To:* CCIE KID <[email protected]>
>>>>> > *Cc:* CCIE OSL <[email protected]>; Cisco certification <[email protected]>
>>>>> > *Sent:* Thursday, January 12, 2012 11:56 PM
>>>>> > *Subject:* Re: [OSL | CCIE_RS] OT: Authentication in STP
>>>>> >
>>>>> > Your customer didn't mistakenly read about VTP password?
>>>>> >
>>>>> > Regards,
>>>>> > David Sudjiman
>>>>> > (Sent from Mobile)
>>>>> >
>>>>> > On 13/01/2012, at 5:22 AM, CCIE KID <[email protected]> wrote:
>>>>> >
>>>>> > > Hi fellas,
>>>>> > >
>>>>> > > My customer is asking for any authentication in STP. Can someone tell me
>>>>> > > if there is any authentication mechanism in STP to validate to correct
>>>>> > > bridges with some hash value and try to avoid rogue bridges with this. I
>>>>> > > searched in RFCs and I guess there is no authentication mechanism in STP.
>>>>> > > So is there any other IEEE standard for STP authentication?
>>>>> > > I found Cisco proprietary Root Guard which basically tells to avoid any
>>>>> > > superior BPDUs and avoid that port as Root port.
>>>>> > >
>>>>> > > I know Root Guard doesn't do any authentication.
>>>>> > > But is there any other mechanism where we can authenticate the
>>>>> > > bridges in STP logic?
>>>>> > >
>>>>> > > I believe Radia Perlman is still kicking for this :)
>>>>> > >
>>>>> > > --
>>>>> > > With Warmest Regards,
>>>>> > >
>>>>> > > CCIE KID
>>>>> > > CCIE#29992 (Security)
>>>>> > > _______________________________________________
>>>>> > > For more information regarding industry leading CCIE Lab training,
>>>>> > > please visit www.ipexpert.com
>>>>> > >
>>>>> > > Are you a CCNP or CCIE and looking for a job? Check out
>>>>> > > www.PlatinumPlacement.com <http://www.platinumplacement.com/>
>>>>> > >
>>>>> > > http://onlinestudylist.com/mailman/listinfo/ccie_rs
>>>>>
>>>>> --
>>>>> With Warmest Regards,
>>>>>
>>>>> CCIE KID
>>>>> CCIE#29992 (Security)
>>>
>>> --
>>> With Warmest Regards,
>>>
>>> CCIE KID
>>> CCIE#29992 (Security)
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)
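
An added example, not part of the thread: a Python check that a saved running-config really applies the advice quoted above (every access port portfast, plus `spanning-tree portfast bpduguard default`). It assumes classic Cisco IOS syntax; the sample config and the `audit_bpduguard` name are constructed for illustration.

```python
# Constructed sample running-config (classic Cisco IOS syntax; not from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit_bpduguard(config):
    """Map each access port that BPDU guard would NOT err-disable to the reason."""
    lines = [l.rstrip() for l in config.splitlines()]
    top = {l for l in lines if l and not l.startswith(" ")}  # global commands
    global_guard = "spanning-tree portfast bpduguard default" in top
    global_portfast = "spanning-tree portfast default" in top
    stanzas, current = {}, None
    for l in lines:
        if l.startswith("interface "):
            current = l.split()[1]
            stanzas[current] = set()
        elif l.startswith(" ") and current:
            stanzas[current].add(l.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    findings = {}
    for port, cmds in stanzas.items():
        if "switchport mode access" not in cmds or "spanning-tree bpduguard enable" in cmds:
            continue  # trunks are out of scope; per-port guard needs no portfast
        portfast = (("spanning-tree portfast" in cmds or global_portfast)
                    and "spanning-tree portfast disable" not in cmds)
        if "spanning-tree bpduguard disable" in cmds:
            findings[port] = "bpduguard explicitly disabled on the port"
        elif not global_guard:
            findings[port] = "no per-port guard and no global bpduguard default"
        elif not portfast:
            findings[port] = "global default only covers portfast ports"
    return findings
```

On the sample, `audit_bpduguard(SAMPLE_CONFIG)` flags GigabitEthernet0/2 (access port without portfast, so the global default never applies to it) and GigabitEthernet0/3 (guard overridden on the port).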
