24-BPDU Filter和BPDU Guard（BPDU过滤和防护） //IOU模拟

24-BPDU Filter和BPDU Guard（BPDU过滤和防护） //IOU模拟

ESW1(config)#vtp domain plESW1(config)#vtp mode server

ESW2(config)#int range f1/0 - 1ESW2(config-if-range)#no shutdown ESW2(config-if-range)#switchport trunk encapsulation dot1qESW2(config-if-range)#switchport mode trunk

ESW2(config)#vtp domain plESW2(config)#vtp mode client

ESW3(config)#int range f1/0 - 1ESW3(config-if-range)#no shutdown ESW3(config-if-range)#switchport trunk encapsulation dot1q ESW3(config-if-range)#switchport mode trunk

ESW3(config)#vtp domain plESW3(config)#vtp mode client

ESW3(config)#int f1/2ESW3(config-if)#no shutdown ESW3(config-if)#switchport mode access

2、部署BPDUfilter全局部署BPDUfilter：IOU3(config)#spanning-tree portfast bpdufilter default

IOU3#show spanning-tree summary totalsSwitch is in pvst modeRoot bridge for: noneExtended system ID is enabledPortfast Default is disabledPortFast BPDU Guard Default is disabledPortfast BPDU Filter Default is enabled

Hacker#debug spanning-tree bpdu receiveSpanning Tree BPDU Received debugging is onHacker#*Apr 26 03:34:17.966: STP: VLAN0001 rx BPDU: config protocol = ieee, packet from Ethernet1/0 , linktype IEEE_SPANNING , enctype 2, encsize 17

IOU3#debug spanning-tree bpdu transmitSpanning Tree BPDU Transmitted debugging is onIOU3#*Apr 26 03:38:05.537: STP: VLAN0001 Et0/0 tx BPDU: config protocol=ieeeData : 0000 00 00 00 8001AABBCC000100 00000064 8001AABBCC000300 8001 0100 1400 0200 0F00

接口下部署BPDUfilter：IOU3(config)#int e1/2IOU3(config-if)#spanning-tree bpdufilter enable

IOU3#show spanning-tree summary totalsSwitch is in pvst modeRoot bridge for: noneExtended system ID is enabledPortfast Default is disabledPortFast BPDU Guard Default is disabledPortfast BPDU Filter Default is enabled

IOU3#debug spanning-tree bpdu transmitSpanning Tree BPDU Transmitted debugging is onIOU3#*Apr 26 04:28:40.190: STP: VLAN0001 Et0/0 tx BPDU: config protocol=ieeeData : 0000 00 00 00 8001AABBCC000100 00000064 8001AABBCC000300 8001 0100 1400 0200 0F00

IOU3#debug spanning-tree bpdu receive Spanning Tree BPDU Received debugging is onIOU3#*Apr 26 04:30:14.396: STP: VLAN0001 rx BPDU: config protocol = ieee, packet from Ethernet1/1 , linktype IEEE_SPANNING , enctype 2, encsize 17

Hacker#debug spanning-tree bpdu receive Spanning Tree BPDU Received debugging is on然后看不到有任何包出现。

IOU3(config-if)#no spanning-tree bpdufilter enableHacker#*Apr 26 04:36:14.565: STP: VLAN0001 rx BPDU: config protocol = ieee, packet from Ethernet1/0 , linktype IEEE_SPANNING , enctype 2, encsize 17 no掉以后Hacker又会有Receive包出现3、部署BPDUGuard和回复机制全局部署：IOU3(config)#spanning-tree portfast bpduguard default

Switch is in pvst modeRoot bridge for: noneExtended system ID is enabledPortfast Default is disabledPortFast BPDU Guard Default is enabledPortfast BPDU Filter Default is disabledLoopguard Default is disabledEtherChannel misconfig guard is enabled

IOU3#show int e1/2 Ethernet1/2 is down, line protocol is down (err-disabled) 成功了！！

接口部署：IOU3(config-if)#spanning-tree bpduguard enable

IOU3#show spanning-tree summary totals Switch is in pvst modeRoot bridge for: noneExtended system ID is enabledPortfast Default is disabledPortFast BPDU Guard Default is disabledPortfast BPDU Filter Default is disabledLoopguard Default is disabledEtherChannel misconfig guard is enabled

IOU3(config)#int e1/2IOU3(config-if)#shutdown IOU3(config-if)#no shutdown

Hacker(config)#int e1/0Hacker(config-if)#shutdown Hacker(config-if)#no shutdown

IOU3#show int e1/2Ethernet1/2 is down, line protocol is down (err-disabled)

接口成功！！！IOU3(config)#errdisable recovery cause bpduguardIOU3(config)#errdisable recovery interval 30

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。