I would say "STP Authentication mechanism" would be exactly similar to BPDU guard! I cannot see any difference in results.
On Fri, Jan 13, 2012 at 4:26 PM, Donald Robb <[email protected]> wrote:

> In that case you could try 802.1x authentication across the ports as a
> solution.
>
> Also some NMS’s can watch the mac tables.
>
> I would imagine they never bothered with a secure STP because it would
> kill compatibility with dumb switches etc.
>
> Cheers,
> Donald Robb
> Productive Networks / Network Consultant
> ______________________________________________________________
> CCIE Written, CCIP, CCSP, CCDP, CCNP, CCNA: Voice, JNCIP, SCP, MCSA 2003,
> Security+, CCSE.R65, PACE
> Experts-Exchange: Guru – R&S
>
> *From:* CCIE KID [mailto:[email protected]]
> *Sent:* January-12-12 10:18 PM
> *To:* Donald Robb
> *Cc:* Pedram Zadeh; CCIE OSL; Cisco certification
> *Subject:* Re: [OSL | CCIE_RS] OT: Authentication in STP
>
> Hi Donald,
>
> I don't want to err-disable the port. Just do an authentication based on MAC
> address or else BPDU generated from the switch. So I would like to talk
> about STP AUTHENTICATION which can be done to authenticate the switch.
>
> Why didn't people invent any STP Authentication mechanism? Is there
> anything which is not pushing them to write an RFC on STP Authentication?
>
> On Fri, Jan 13, 2012 at 10:39 AM, Donald Robb <[email protected]> wrote:
>
> The protocols are Cisco proprietary but that doesn't mean that other vendors
> don't have similar features, Juniper switches call bpduguard BPDU-Protect
> for example.
> Anyway the basic functionality is the same across vendors if the switch
> detects a BPDU from any device it will disable the port etc.
>
> Cheers,
> Donald Robb
> Productive Networks / Network Consultant
> ______________________________________________________________
> CCIE Written, CCIP, CCSP, CCDP, CCNP, CCNA: Voice, JNCIP, SCP, MCSA 2003,
> Security+, CCSE.R65, PACE
> Experts-Exchange: Guru - R&S
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of CCIE KID
> Sent: January-12-12 9:40 PM
> To: Pedram Zadeh
> Cc: CCIE OSL; Cisco certification
> Subject: Re: [OSL | CCIE_RS] OT: Authentication in STP
>
> Hi Pedram,
>
> All the protocols which u guys say is CISCO PROPRIETARY .. Is there any open
> standard protocol which does this job. If I connect an Alcatel Lucent switch
> or else a Juniper Switch, how will a Cisco Switch react..
>
> So that's what the whole point here?
>
> On Fri, Jan 13, 2012 at 10:03 AM, Pedram Zadeh <[email protected]> wrote:
>
> > For this goal, you should configure *all* access ports as portfast and
> > also configure spanning-tree portfast bpduguard default. If any rogue
> > switch gets connected and starts to participate in STP process, the port
> > will be put in err-disable mode and they should get administrator to
> > resolve it!
> > syslog and snmp trap also can be configured to notify admin as well.
> >
> > On Fri, Jan 13, 2012 at 2:18 PM, CCIE KID <[email protected]> wrote:
> >
> >> Hi buddy,
> >>
> >> We are using VTP in Transparent mode. So it is literally turning off VTP.
> >> It is not all about VTP password. Customer wants to check a
> >> particular switch when connected to the network should be a
> >> legitimate switch and it should be checked against a database to
> >> authenticate whether it is a legitimate switch or a rogue switch.
> >>
> >> That's what I am looking for some authentication with respect to STP.
> >>
> >> On Fri, Jan 13, 2012 at 4:44 AM, WaLeEd AlShErIf <[email protected]> wrote:
> >>
> >> > I agree with David, you need to use VTP password, here is a link for it
> >> >
> >> > http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
> >> >
> >> > Yours,
> >> > Waleed
> >> >
> >> > *From:* David Sudjiman <[email protected]>
> >> > *To:* CCIE KID <[email protected]>
> >> > *Cc:* CCIE OSL <[email protected]>; Cisco certification <[email protected]>
> >> > *Sent:* Thursday, January 12, 2012 11:56 PM
> >> > *Subject:* Re: [OSL | CCIE_RS] OT: Authentication in STP
> >> >
> >> > Your customer didn't mistakenly read about VTP password?
> >> >
> >> > Regards,
> >> > David Sudjiman
> >> > (Sent from Mobile)
> >> >
> >> > On 13/01/2012, at 5:22 AM, CCIE KID <[email protected]> wrote:
> >> >
> >> > > Hi fellas,
> >> > >
> >> > > My customer is asking for any authentication in STP. Can someone tell me
> >> > > that if there is any Authentication mechanism in STP to validate to correct
> >> > > bridges with some hash value and try to avoid rogue bridges with this. I
> >> > > searched in RFC's and I guess there is no Authentication mechanism in STP.
> >> > > So is there any other IEEE standard for STP Authentication.
> >> > > I found Cisco Proprietary Root Guards which basically tells avoid
> >> > > any superior BPDUs and avoid that port as Root port.
> >> > >
> >> > > I know Root Guard doesn't do any authentication. But is there any other
> >> > > mechanism where can do authenticating the bridges in STP logic
> >> > >
> >> > > I believe Radia Perlman is still kicking for this :)
> >> > >
> >> > > --
> >> > > With Warmest Regards,
> >> > >
> >> > > CCIE KID
> >> > > CCIE#29992 (Security)
> >> > > _______________________________________________
> >> > > For more information regarding industry leading CCIE Lab training,
> >> > > please visit www.ipexpert.com
> >> > >
> >> > > Are you a CCNP or CCIE and looking for a job? Check out
> >> > > www.PlatinumPlacement.com <http://www.platinumplacement.com/>
> >> > >
> >> > > http://onlinestudylist.com/mailman/listinfo/ccie_rs
> >>
> >> --
> >> With Warmest Regards,
> >>
> >> CCIE KID
> >> CCIE#29992 (Security)
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)
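
Added illustration, not part of the thread and not any vendor's code: the "check the switch against a database" idea discussed above, done as passive monitoring of 802.1D configuration BPDUs (for example from a mirror port). The inventory, MAC addresses and function names are assumptions; a BPDU carries only self-declared bridge identifiers and no authenticator, so a match here is an inventory check for alerting, not authentication.

```python
import struct

# Constructed inventory of bridge MACs the operator owns (assumption).
KNOWN_BRIDGES = {"00:1a:2b:00:00:01", "00:1a:2b:00:00:02"}

# 802.1D configuration BPDU body (follows the LLC header 42 42 03): 35 bytes.
BPDU_FMT = "!HBBB8sI8sHHHHH"

def bridge_id(raw):
    """Split an 8-byte bridge identifier into (priority, MAC string)."""
    return struct.unpack("!H", raw[:2])[0], ":".join(f"{b:02x}" for b in raw[2:])

def parse_bpdu(body):
    """Return root/sender identifiers, or None for TCN, short or non-STP data."""
    if len(body) < struct.calcsize(BPDU_FMT):
        return None
    proto, _ver, btype, _flags, root, cost, sender, port, *_timers = \
        struct.unpack_from(BPDU_FMT, body)
    if proto != 0 or btype not in (0x00, 0x02):   # config or RST BPDU only
        return None
    return {"root": bridge_id(root), "sender": bridge_id(sender),
            "cost": cost, "port": port}

def check_bpdu(body, known=KNOWN_BRIDGES):
    """List inventory mismatches for one BPDU; an empty list means none."""
    bpdu = parse_bpdu(body)
    if bpdu is None:
        return ["not a configuration BPDU"]
    findings = []
    for role in ("sender", "root"):
        prio, mac = bpdu[role]
        if mac not in known:
            findings.append(f"{role} bridge {mac} (priority {prio}) not in inventory")
    return findings

def build_bpdu(root_prio, root_mac, sender_prio, sender_mac, cost=0):
    """Build a constructed sample BPDU body for the demonstration below."""
    ident = lambda p, m: struct.pack("!H", p) + bytes.fromhex(m.replace(":", ""))
    return struct.pack(BPDU_FMT, 0, 0, 0, 0, ident(root_prio, root_mac), cost,
                       ident(sender_prio, sender_mac), 0x8001,
                       0, 20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    legit = build_bpdu(4096, "00:1a:2b:00:00:01", 32768, "00:1a:2b:00:00:02", 4)
    unknown = build_bpdu(0, "02:00:00:00:00:99", 0, "02:00:00:00:00:99")
    print(check_bpdu(legit))     # no findings
    print(check_bpdu(unknown))   # sender and root both missing from inventory
```

Because the identifiers are self-declared, this complements BPDU guard and 802.1X on access ports rather than replacing them.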
