PortFast Question

From: Josh Sukol (secnews_at_gmail.com)
Date: 09/24/04

    Date: Fri, 24 Sep 2004 10:05:04 -0400
    To: security-basics@securityfocus.com
    
    

    I am running a small network using four Cisco Catalyst 2950 switches.
    I am in the process of configuring a new software package that uses
    some proprietary hardware that connects to the network via Ethernet.
    When plugged into the network the device would connect for a minute or
    two and then connectivity would drop (i.e. ping would fail, and the
    light on the switch would turn from green to amber). This pattern
    continued for as long as the device was plugged into the network. The
    cabling was checked and tested with other equipment and there were no
    other problems.

    After trying several other things I eventually started changing the
    ethernet port settings on the switch itself and found that by enabling
    portfast the device functioned fine. I have found very little
    information about port fast security issues. I was able to find and
    did read up on PortFast BPDU guard and potential DoS using malformed
    packets. Are there any other security issues that affect me enabling
    Portfast on specific ports that connect back to a single device? Are
    there any other ways to solve this problem that might allow me to
    sidestep these potential security issues altogether?

    - Slightly Off Topic -
    If anyone knows why this behavior occurs and why enabling portfast
    fixes the connectivity issue I would be very interested to hear an
    explanation.

    Thanks in advance for the wisdom!
