LAB7:生成树防护(STP Guard)
一、实验目的
1、掌握生成树防护的应用及配置
二、实验内容
拓扑图:
需求:
1、防止攻击者使用STP攻击网络
三、实验配置
配置:
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#spanning-tree bpdufilter enable
(启用BPDU过滤功能,在此端口不接受/发送BPDU报文)
Switch(config-if)#spanning-tree bpduguard enable
(启用BPDU防护功能,在此端口不接受BPDU;收到BPDU,端口禁用)
Switch(config-if)#spanning-tree guard root
(启用STP根防护功能,在此端口不接受拥有更优BID的BPDU报文)
验证:
1、Switch#show spanning-tree interface fastEthernet 0/24 detail
Port 24 (FastEthernet0/24) of VLAN0001 is designated forwarding
Port path cost 3019, Port priority 128, Port Identifier 128.24.
Designated root has priority 32769, address 0009.7ca7.7d00
Designated bridge has priority 49153, address 0011.9391.2680
Designated port id is 128.24, designated path cost 3019
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Bpdu guard is enabled (端口启用BPDU防护)
Bpdu filter is enabled (端口启用了BPDU过滤)
Root guard is enabled on the port (端口启用根防护)
BPDU: sent 0, received 0 (在此端口没收发任何BPDU报文)
