Exercise 5-2: STP Operation

Design a switching lab with topology loops featuring VLAN trunks (802.1Q) and one STP-capable UNIX gateway that bridges two VLAN trunks. Observe the STP behavior (blocking/forwarding) with monitoring commands and the BPDUs with a packet analyzer. Then redesign your topology toward a ring-free tree structure by pulling a cable, and alter the STP default parameters. Try to simulate a hacker attack from one of your switch access ports that belongs to a VLAN: try to inject fake STP, VTP (if applicable), and VLAN frames with the purpose of manipulating ARP caches, compromising VLAN security, and causing havoc with fake STP information. If you succeed, think about strategies to deal with these attempts and, while you are at it, derive a Layer 2 security policy for your environment.
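
As a starting point for the defensive strategies the exercise asks for, here is an added example that is not part of the original exercise: a Python check that parses IEEE 802.1D configuration BPDUs out of captured frames and reports the two conditions that BPDU guard and root guard features act on. The port names, the expected root bridge ID and the sample frames are constructed assumptions; PVST+, RSTP and TCN BPDUs are out of scope.

```python
import struct

STP_MCAST = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                  # DSAP/SSAP 0x42, control 0x03

def parse_config_bpdu(frame):
    """Return fields of an 802.1D configuration BPDU, or None if not one."""
    if len(frame) < 52 or frame[:6] != STP_MCAST or frame[14:17] != LLC_STP:
        return None
    (proto, _ver, btype, _flags, root_prio, root_mac, cost,
     br_prio, br_mac, port_id) = struct.unpack("!HBBBH6sIH6sH", frame[17:44])
    if proto != 0 or btype != 0x00:        # 0x00 = configuration BPDU
        return None
    return {"src": frame[6:12].hex(":"), "root": (root_prio, root_mac),
            "cost": cost, "bridge": (br_prio, br_mac), "port_id": port_id}

def audit(frames, access_ports, expected_root):
    """frames: iterable of (port, raw_frame). Returns (port, finding, src)."""
    findings = []
    for port, raw in frames:
        bpdu = parse_config_bpdu(raw)
        if bpdu is None:
            continue
        if port in access_ports:           # host-facing ports should see no BPDUs
            findings.append((port, "bpdu-on-access-port", bpdu["src"]))
        if bpdu["root"] < expected_root:   # lower (priority, MAC) wins the election
            findings.append((port, "superior-root-claim", bpdu["src"]))
    return findings

def sample_frame(src, root, bridge):
    """Constructed test input: 802.3 header + LLC + 35-byte configuration BPDU."""
    body = struct.pack("!HBBBH6sIH6sH4H", 0, 0, 0, 0, *root, 0, *bridge,
                       0x8001, 0, 20 * 256, 2 * 256, 15 * 256)  # timers in 1/256 s
    return STP_MCAST + src + struct.pack("!H", 3 + len(body)) + LLC_STP + body

# Constructed lab values (assumptions, not from the exercise text).
ROOT = (4096, bytes.fromhex("001122330001"))
SWITCH = (32768, bytes.fromhex("001122330002"))
HOST = (0, bytes.fromhex("020000000099"))
SAMPLE = [
    ("trunk1", sample_frame(SWITCH[1], ROOT, SWITCH)),
    ("access7", sample_frame(HOST[1], HOST, HOST)),
    ("access3", b"\xff" * 60),             # ordinary broadcast, not a BPDU
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"access3", "access7"}, ROOT):
        print(finding)
```

Fed with frames exported from the lab's packet analyzer, the findings map directly onto policy items: no BPDUs accepted on access ports, and the root bridge pinned to a known bridge ID.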