[Show page]
[Old revisions]
[[unknown link type]]
[
]

Differences

This shows you the differences between two versions of the page.

--- linux:skoleni:cisco [2015/10/18 01:53]
admin [PVST+ - VLAN time]
+++ linux:skoleni:cisco [2015/10/18 14:02] (current)
admin [STP - What it solves?]
@@ Line 38: / Line 38: @@
 </code>
+==== Creating broadcast storm====
+First create a loop, then we disable stp and finaly one ping will send arp broadcast. Lets suppose the loop goes from port fa0/5 somewhere. Clear the counters and check the state of interface
+<code>
+   show interface fa0/5
+   clear counters
+   show interface fa0/5
+</code>
+   no spanning-tree vlan 1
+And check vlans by
+   show vlan brief
+Assign random IP to layer 3 interface vlan 1 and ping
+<code>
+   conf t
+      int vlan 1
+         ip 1.0.0.1 255.0.0.0
+         no shut
+         end
+</code>
+Check it by
+   show ip int brief | ex una
+and ping, just once
+    ping 1.0.0.2 repeat 1
+Check the interface with loop on vlan 1
+    show interface fa0/5
 =====STP=====
 {{ :linux:skoleni:stp-cost.png |}}
@@ Line 73: / Line 98: @@
 Let's suppose you're running an office network with STP. What if someone sent bad ''BPDU'' frames to you switches? He could re-route all the traffic throught his black-hat-notebook
 {{ :linux:skoleni:black-hat-notebook.jpeg|}}
+You can filter or guard incomming ''BPDU'' packets
+  * filter - ignores and discard the packet
+  * guard - the port is put in the error-disabled state
+<code>
+Switch(config-if)# spanning-tree portfast bpdufilter default
+Switch(config-if)# spanning-tree bpduguard enable
+</code>
 There is no //more or less// static arp, but the interval could be longer.

linux/skoleni/cisco.1445125987.txt.gz · Last modified: 2015/10/18 01:53 by admin