Exercise 5-2: STP Operation

Design a switching lab with topology loops featuring VLAN trunks (802.1Q) and one STP-capable UNIX gateway that bridges two VLAN trunks. Observe the STP behavior with monitoring commands (blocking/forwarding) and the BPDUs with a packet analyzer. Then redesign your topology toward a ring-free tree structure by pulling a cable and alter STP default parameters. Try to simulate a hacker attack from one of your switch access ports that belongs to a VLAN. Try to inject fake STP, VTP (if applicable), and VLAN frames with the purpose of manipulating ARP caches, compromising VLAN security, and causing havoc by injecting fake STP information. If you succeed, think about strategies to deal with these attempts, and, while you are at it, derive a Layer 2 security policy for your environment.

Command Syntax Conventions

Chapter 1. Operating System Issues and Features-The Big Picture

Chapter 2. User-Space Routing Software

Chapter 3. Kernel Requirements for a Full-Featured Lab

Chapter 4. Gateway WAN/Metro Interfaces

Chapter 5. Ethernet and VLANs

Hubs, Bridges, and Multilayer Switches

Access Ports, Uplinks, Trunks, and EtherChannel Port Groups

Alias Interfaces

VLAN Configurations

A Few Words on Cabling

Lab 5-1: FreeBSD Bridge Cluster Lab

Lab 5-2: Linux Bridging and the Spanning Tree

Lab 5-3: OpenBSD Bridging and Spanning Tree

A Few Words on Layer 2 Security

Exercise 5-1: Linux/FreeBSD Ethernet Channel Bonding

Exercise 5-2: STP Operation

Recommended Reading

Chapter 6. The Analyzer Toolbox, DHCP, and CDP

Chapter 7. The UNIX Routing and ARP Tables

Chapter 8. Static Routing Concepts

Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing

Chapter 13. Policy Routing, Bandwidth Management, and QoS

Chapter 14. Multicast Architectures

Chapter 15. Network Address Translation

Appendix A. UNIX Kernel Configuration Files

Appendix B. The FreeBSD Netgraph Facility