TYPES OF GUARD
BPDU Guard-
It is implemented on an access port configured with PortFast.
If BPDU Guard receives a BPDU from a neighbor device, the port becomes enabled.
If BPDU Guard does not receive a BPDU from a neighbor device, the port becomes errdisabled.
BPDU Filter-
It effectively disables STP on the selected ports by preventing them from sending or receiving BPDUs to or from any device.
If the PortFast status is lost, BPDU Filter is disabled.
If BPDU Guard is enabled on the same interface on which BPDU Filter is configured, BPDU Guard has no effect.
Root Guard-
Root Guard ensures that the port on which it is enabled stays the designated port.
If the root bridge does not appear on the switch, Root Guard can be enabled manually.
It enforces which switch is the root bridge in the network.
Loop Guard-
It checks whether BPDUs are no longer received on a non-designated port; when Loop Guard is enabled and this happens, the port moves into the loop-inconsistent state.
Unidirectional Link Detection (UDLD)-
It works as a Layer 2 protocol, so it can use a keepalive mechanism, and it is Cisco proprietary.
It automatically detects the loss of a bidirectional link.
On Cisco devices UDLD sends out ID frames every 15 seconds; for other devices the default is 7 seconds.
SNMP VERSION
It is an application-layer protocol used to manage and monitor network devices.
The SNMP server uses UDP 161 and the SNMP agent uses UDP 162.
SNMP component-
SNMP agent-
It is software that runs on the managed devices.
SNMP manager-
It runs the network management application that monitors and controls the managed devices.
Management Information Base (MIB)-
Its database is a text file (.mib). The MIB and object identifier (OID) file should be assigned to the monitored devices so that the device can be controlled and managed.
SNMP versions –
There are 3 versions of SNMP:
SNMPv1-
It uses only community strings for authentication, with no authorization, no privacy in access mode and no encryption; it uses UDP only.
SNMPv2-
It uses only community strings for authentication, with no authorization, no privacy in access mode and no encryption; it uses UDP only but can be configured to use TCP.
SNMPv3-
It uses a hash-based MAC with MD5 or SHA for authentication and DES-56 for privacy. This version uses TCP and is more secure than the other versions.
SECURITY ZONE
It is used to control the traffic between zones, each of which is a group of interfaces.
There are 3 types of zones – Inside, Outside and DMZ.
Inside Zone –
It protects the data, which must not be accessible to unauthorized persons from the outside. It is also known as the trusted or internal zone.
Outside Zone-
This zone is considered to be outside the control of the organization and is unsecured, since it is the public network.
DMZ –
It holds network resources such as a file server or web server so that users can access them from the outside public network; the DMZ is placed behind the firewall.
So the firewall allows only limited access to the DMZ servers.
Zone Pair-
Inside-to-Outside and Inside-to-DMZ-
Packets flow from the inside and move toward the outside or the DMZ.
Outside-to-Inside-
Packets flow from the outside and move toward the inside, but this is allowed only when a user requested it; otherwise the packet will be blocked.
DMZ-to-Inside-
Packets flow from the DMZ and move toward the inside, but this is allowed only when a user requested it; otherwise the packet will be blocked.
Outside-to-DMZ-
Packets flow from the outside and move toward the DMZ and are checked by the firewall to allow or deny them.
Only email, HTTP, HTTPS, or DNS traffic is allowed.
DMZ-to-Outside-
Packets flow from the DMZ and move toward the outside, and as per the firewall rule only specific requests can be allowed.
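As an added example (not part of these notes), the Inside/Outside/DMZ zones and the Outside-to-DMZ and Inside-to-Outside zone pairs above written as a Cisco IOS zone-based firewall configuration; the interface names are assumed.

```cisco
! Define the three zones described in the notes
zone security INSIDE
 description Trusted internal LAN
zone security OUTSIDE
 description Untrusted public network
zone security DMZ
 description Public-facing servers behind the firewall
!
! Assumed interface assignment: one interface per zone
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
interface GigabitEthernet0/2
 zone-member security DMZ
!
! Outside-to-DMZ: only email, HTTP, HTTPS and DNS are permitted
class-map type inspect match-any DMZ-PUBLIC-SERVICES
 match protocol smtp
 match protocol http
 match protocol https
 match protocol dns
!
policy-map type inspect OUTSIDE-TO-DMZ-POLICY
 class type inspect DMZ-PUBLIC-SERVICES
  inspect
 class class-default
  drop log
!
zone-pair security OUT-TO-DMZ source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE-TO-DMZ-POLICY
!
! Inside-to-Outside: inside users initiate; stateful inspection
! lets only the matching return traffic back in
class-map type inspect match-any INSIDE-INITIATED
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-INITIATED
  inspect
 class class-default
  drop
!
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
```

No Outside-to-Inside zone pair is defined, so unsolicited traffic from the outside toward the inside is dropped by default; only replies to inside-initiated sessions pass, which is the behaviour the Outside-to-Inside entry describes.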