unsubscribe
On Fri, Jan 13, 2012 at 12:01 AM, On Behalf Of Kama Raditya < [email protected]> wrote: > What about using dot1x > Powered by Telkomsel BlackBerry® > > -----Original Message----- > From: CCIE KID <[email protected]> > Sender: [email protected] > Date: Fri, 13 Jan 2012 10:04:44 > To: Adam Booth<[email protected]> > Cc: CCIE OSL<[email protected]>; Cisco certification< > [email protected]> > Subject: Re: [OSL | CCIE_RS] OT: Authentication in STP > > Hi Adam, > > I am looking for checking the device legibility based on BPDU or using MAC > address generated by the switch > > When a switch is connected , what is the first packet it if going to > generate and what will be the port status of it comes into picture? > > When a switch is connected to ur network the very first packet is going to > be discovery packets. so possibly doing a MAC security is much more than > STP authentication.. Is it wat u r explaining Adam. > > Or else it is different. > > > > > On Fri, Jan 13, 2012 at 9:41 AM, Adam Booth <[email protected]> wrote: > > > Maybe implementing some processes like shutting down unused ports and > > putting them into invalid VLANs and potentially doing something when you > > see an alarm when a port flaps > > > > What you describe sounds more like a network discovery/inventory > > management problem actually. Tentatively you could check CDP/LLDP > > neighbors to find rogue devices > > > > Tentatively you could look at 802.1AE (MACSec) but I think it's overkill > > > > > > On Fri, Jan 13, 2012 at 1:18 PM, CCIE KID <[email protected]> wrote: > > > >> Hi buddy, > >> > >> We are using VTP in Transparent mode. So it is literally turning off > VTP. > >> It is not all about VTP password. Customer wants to check a particular > >> switch when connected to the network should be a legitimate switch and > it > >> should be checked against a database to authenticate whether it is a > >> legitimate switch or a rogue switch. > >> > >> Thats what i am looking for some authentication with respect to STP. > >> > >> > >> > >> > >> > >> > >> On Fri, Jan 13, 2012 at 4:44 AM, WaLeEd AlShErIf <[email protected] > >> >wrote: > >> > >> > I agree with David , you need to use VTP password , here is a link for > >> it > >> > > >> > > >> > > >> > http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml > >> > > >> > Yours, > >> > Waleed > >> > > >> > *From:* David Sudjiman <[email protected]> > >> > *To:* CCIE KID <[email protected]> > >> > *Cc:* CCIE OSL <[email protected]>; Cisco certification < > >> > [email protected]> > >> > *Sent:* Thursday, January 12, 2012 11:56 PM > >> > *Subject:* Re: [OSL | CCIE_RS] OT: Authentication in STP > >> > >> > > >> > Your customer didn't mistakenly read about VTP password? > >> > > >> > Regards, > >> > David Sudjiman > >> > (Sent from Mobile) > >> > > >> > On 13/01/2012, at 5:22 AM, CCIE KID <[email protected]> wrote: > >> > > >> > > Hi fellas, > >> > > > >> > > My customer is asking for any authentication in STP. Can someone > tell > >> me > >> > > that if there is any Authentication mechanism in STP to validate to > >> > correct > >> > > birdges with some hash value and try to avoid rogue bridges with > >> this. I > >> > > searched in RFC's and i guess there is no Authentication mechanism > in > >> > STP . > >> > > So is there any other IEEE standard for STP Authentication. > >> > > I found Cisco Proprietary Root Guards which basically tells avoid > any > >> > > superior BPDUs and avoid that port as Root port. > >> > > > >> > > I know Root Guard doesnt do any authentication . But is there any > >> other > >> > > mechnaism where can do authenticating the bridges in STP logic > >> > > > >> > > I believe Radia Perlman is still kicking for this :) > >> > > > >> > > > >> > > -- > >> > > With Warmest Regards, > >> > > > >> > > CCIE KID > >> > > CCIE#29992 (Security) > >> > > _______________________________________________ > >> > > For more information regarding industry leading CCIE Lab training, > >> > please visit www.ipexpert.com > >> > > > >> > > Are you a CCNP or CCIE and looking for a job? Check out > >> > www.PlatinumPlacement.com <http://www.platinumplacement.com/> > >> > >> > > > >> > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > >> > _______________________________________________ > >> > For more information regarding industry leading CCIE Lab training, > >> please > >> > visit www.ipexpert.com > >> > > >> > Are you a CCNP or CCIE and looking for a job? Check out > >> > www.PlatinumPlacement.com > >> > > >> > http://onlinestudylist.com/mailman/listinfo/ccie_rs > >> > > >> > > >> > > >> > >> > >> -- > >> With Warmest Regards, > >> > >> CCIE KID > >> CCIE#29992 (Security) > >> _______________________________________________ > >> For more information regarding industry leading CCIE Lab training, > please > >> visit www.ipexpert.com > >> > >> Are you a CCNP or CCIE and looking for a job? Check out > >> www.PlatinumPlacement.com > >> > >> http://onlinestudylist.com/mailman/listinfo/ccie_rs > >> > > > > > > > -- > With Warmest Regards, > > CCIE KID > CCIE#29992 (Security) > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
