Spanning Tree Attacks Question
Kenjin
I have a question regarding spanning tree attacks.
Just reading about enabling bpduguard to stop spanning tree attacks. OK, I understand the concept of that, but.... if we put all the spare ports on our network into another VLAN, wouldn't that stop the attack and achieve the same thing? Because the attacker's switch would not be a part of any of our VLANs?
Comments
networker050184
All unused ports should be shut down and placed in an unused VLAN.
You would still need BPDU guard if the attack was launched from an authorized user's port. You should also hard code the access ports so that they cannot negotiate a trunk and wreak havoc on your whole switched network.
Kenjin
Like I said, if all unused ports were in an unused VLAN, so my question is: how could an attack happen on an unauthorized port if all the unused ports were in the unused VLAN? That's my question. Oh, and of course all ports were changed from the default state of dynamic desirable.
networker050184
It won't happen on an unused access port that is assigned to an unused VLAN unless it negotiates a trunk.
You need BPDU Guard to stop an attack on an authorized access port on a used VLAN.
Kenjin
Thanks for clarifying that for me.
networker050184
Also ensure that unused VLAN is not allowed on any of your trunks.
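The checks raised in this thread, as an added example that is not code from any poster: a small Python audit over a Cisco IOS-style config that flags access ports not hard-coded to access mode, in-use access ports without BPDU guard, unused-VLAN ports left enabled, and trunks that still carry the unused VLAN. The sample config and VLAN 999 are constructed assumptions; only per-interface `spanning-tree bpduguard enable` and plain numeric `allowed vlan` lists are recognized.

```python
import re
# Assumptions for this example: VLAN 999 is the unused VLAN; the config is constructed.
UNUSED_VLAN = 999
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport access vlan 10
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 999
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20-30,999
"""

def parse_interfaces(config):  # interface name -> list of its indented sub-commands
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return ports

def expand(spec):  # VLAN list such as '10,20-22' -> {10, 20, 21, 22}
    return {v for part in spec.split(",") for lo, _, hi in [part.partition("-")]
            for v in range(int(lo), int(hi or lo) + 1)}

def audit(config, unused=UNUSED_VLAN):  # -> [(interface, finding), ...]
    out = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", "\n".join(cmds), re.M)
            if m is None or unused in expand(m.group(1)):  # no list: all VLANs allowed
                out.append((name, "unused VLAN allowed on trunk"))
            continue
        if "switchport mode access" not in cmds:
            out.append((name, "access mode not hard-coded"))
        if f"switchport access vlan {unused}" in cmds:
            if "shutdown" not in cmds:
                out.append((name, "unused port not shut down"))
        elif "spanning-tree bpduguard enable" not in cmds:
            out.append((name, "no BPDU guard on in-use access port"))
    return out
```

Calling `audit(SAMPLE)` reports GigabitEthernet0/2 twice (mode left at defaults, no BPDU guard), GigabitEthernet0/4 as an enabled spare, and GigabitEthernet0/24 for carrying VLAN 999.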