Showing posts with label STP Root_Guard. Show all posts
Showing posts with label STP Root_Guard. Show all posts

Tuesday, 15 January 2019

What is Root guard and how to prevent Root guard attack?


The root guard prevents the wrong switch from becoming the spanning tree root. If a root guard port receives a superior BPDU that might cause it to become a root port, the port is put into a “root-inconsistent” state and does not pass traffic through it. If the port stops receiving these BPDUs, it automatically re-enables itself.






In short- Root Guard is similar to the BPDU Guard. The root guard feature prevents a designating port from becoming a root port.

let's see the configuration: -
Topology:








 Goal:
  • configure the topology as per the diagram.
  • assign the IP addresses to their respective ports
  • configure trunking between switches
  • configure switch-4 root bridge for VLAN 1
  • configure KALI machine to act as a switch and become the ROOT bridge for VLAN 1
  • make sure the attacker will not become a ROOT bridge 
  • to prevent this attack configure Root Guard 
  • we want to switch 4 to not accept superior BPDU\ and make it root-inconsistent to that port.
Read more »
By at No comments:
Labels:
Subscribe to: Posts (Atom)

What is BGP Allowas-in Feature? How to configure BGP Allowas-in? GNS3

  BGP Allowas-in is a configuration option in Border Gateway Protocol (BGP) routing that allows a router to accept routes with its own AS (A...