Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,730 --> 00:00:01,270 BP. 2 00:00:01,300 --> 00:00:05,760 God is one of multiple security mechanisms available in spanning tree. 3 00:00:05,950 --> 00:00:08,680 To protect your spending tree network. 4 00:00:08,680 --> 00:00:15,670 This could be something as simple as a user connecting a cheap consumers switch to your network that 5 00:00:15,670 --> 00:00:21,880 doesn't support spending tree and hence causing a loop or something malicious such as an attacker plugging 6 00:00:21,880 --> 00:00:29,530 in a switch and making that switch the root of the spanning tree so that the attacker can analyze your 7 00:00:29,860 --> 00:00:37,420 network traffic that traverses that switch or it could be an attacker simply connecting a switch to 8 00:00:37,420 --> 00:00:46,330 your topology lowering the priority and degrading the performance of your network considerably by forcing 9 00:00:46,330 --> 00:00:51,670 the network traffic to go through a low performance switch. 10 00:00:51,670 --> 00:00:57,760 So one of the options you have to stop this is BP to you God which will disable a port if any BP to 11 00:00:57,760 --> 00:00:59,790 use all received on that port. 12 00:00:59,800 --> 00:01:06,040 This is useful on ports that are going to be used as access ports and that should never be connected 13 00:01:06,040 --> 00:01:07,500 to another switch. 14 00:01:07,510 --> 00:01:13,870 In other words ports that are going to be configured as Port Foss ports they are two ways to configure 15 00:01:13,930 --> 00:01:15,160 BP to you God. 16 00:01:15,310 --> 00:01:22,000 You can either do it on a per interface basis or configure it globally on a switch on a per port basis 17 00:01:22,000 --> 00:01:25,410 you would type spending three port first and then spanning tree BP to you. 18 00:01:25,450 --> 00:01:33,260 God enable or globally on the switch you can use the command spanning tree port Foster default so in 19 00:01:33,260 --> 00:01:40,410 this topology let's assume that this hub shouldn't be connected to the network and will enable BP God 20 00:01:41,160 --> 00:01:48,030 on switch 2 and switch 3 because we shouldn't be receiving BP to use on any of these ports. 21 00:01:48,120 --> 00:01:52,380 These ports should be connected to user pieces rather than a hub 22 00:01:55,230 --> 00:02:01,900 so committee spending 3 port fast edge PPD you 23 00:02:04,530 --> 00:02:15,530 got we have globally enabled PPD you God on switch to at the moment port gigabit 0 1 is not enabled 24 00:02:16,190 --> 00:02:23,360 for Port Fost and we can see that by using the command tro spanning tree interface interface gigabit 25 00:02:23,720 --> 00:02:33,150 0 1 port fast so it's disabled but known gigabit 0 1 lets type spending 23 port fast 26 00:02:36,690 --> 00:02:43,950 notice very quickly BP you God warns us that if BP to you is received on this port and the port has 27 00:02:43,950 --> 00:02:46,620 been disabled so BP to you God. 28 00:02:46,620 --> 00:02:56,470 Error detected on this port Port is placed in the error disabled state port has gone down so show interface 29 00:02:56,560 --> 00:03:06,890 gigabit 0 1 interfaces down line protocol is down because the port was error disabled shows spending 30 00:03:06,900 --> 00:03:15,620 23 notice the port is not shown in the output here if we look at gigabit 0 1 port fast we can see that 31 00:03:15,620 --> 00:03:20,980 no spending tree information is available in this port because the port has been error disabled shows 32 00:03:20,990 --> 00:03:23,690 spanning tree inconsistent ports 33 00:03:26,510 --> 00:03:36,070 show spanning tree summary we can see that the switch is using rapid PBS tea and we can see that port 34 00:03:36,070 --> 00:03:36,730 Frost edge. 35 00:03:36,730 --> 00:03:47,150 BPT you guard default has enabled so I'll shut that port down and then no shut it and let's see what 36 00:03:47,150 --> 00:03:54,740 happens again so no shut it and notice immediately. 37 00:03:54,740 --> 00:03:59,790 The port is error disabled so do show run interface gigabit. 38 00:03:59,830 --> 00:04:01,000 0 1. 39 00:04:01,460 --> 00:04:06,740 We need to remove this port Fost command so no spanning tree. 40 00:04:07,070 --> 00:04:07,940 Port fast 41 00:04:11,640 --> 00:04:18,860 and do show run interface gigabit 0 1 We've now removed port fast so shut the port down. 42 00:04:20,330 --> 00:04:32,370 And no shut it notice the port has come up shows banning tree blocked ports gigabit 0 1 is now being 43 00:04:32,370 --> 00:04:42,760 blocked because that port is an alternate port on this segment the designated port is gigabit 0 1 on 44 00:04:42,760 --> 00:04:47,800 switch 3 and we can see that by tapping shows spanning tree. 45 00:04:48,070 --> 00:04:51,310 Notice gigabit 0 1 is the designated port on the segment. 46 00:04:51,310 --> 00:04:52,130 This is a hub. 47 00:04:52,240 --> 00:04:53,500 Please note. 48 00:04:53,500 --> 00:04:57,440 So this is the designated port for this segment. 49 00:04:57,520 --> 00:05:07,660 This port gigabit 0 1 is blocking on switch to so these ports should have been connected to pieces. 50 00:05:08,320 --> 00:05:14,470 But if a user connected a hub or someone tried to do something malicious BBDO guard blocks the ports 51 00:05:14,470 --> 00:05:15,890 immediately. 52 00:05:15,890 --> 00:05:24,210 Now we can configure this on a per port basis so let's do that on gigabit 0 2 spanning tree people to 53 00:05:24,200 --> 00:05:30,320 you PPD God in April 54 00:05:33,980 --> 00:05:36,790 noticed immediately a PPD was received on the Port. 55 00:05:36,790 --> 00:05:43,270 Port goes to the disable mode so if you enable it on an interface the port doesn't even need to be configured 56 00:05:43,360 --> 00:05:45,970 as a port first port. 57 00:05:45,970 --> 00:05:54,230 When a BP to use received on the port it immediately error disables so do show interface gigabit 0 2 58 00:05:55,690 --> 00:05:58,480 notice the port is down it's error disabled. 6262