
Sapiandante, Goran Y.

EX7 Chapter 6 Lab 6-1, Securing Layer 2 Switches

ALS1 Config:

hostname ALS1
!
enable secret class
!
username janedoe password 0 cisco
username johndoe password 0 cisco
username joesmith password 0 cisco
aaa new-model
aaa authentication dot1x default local
!
dot1x system-auth-control
!
ip dhcp snooping vlan 100,200
ip dhcp snooping
!
interface FastEthernet0/7
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/8
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/9
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/10
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/11
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/12
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/15
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/16
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/17
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/18
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/19
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/20
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/21
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/22
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/23
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/24
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface Vlan1
 ip address 172.16.1.101 255.255.255.0
 no shutdown
!
ip default-gateway 172.16.1.1
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

ALS2 Config:

hostname ALS2
!
enable secret class
!
ip dhcp snooping vlan 100,200
ip dhcp snooping
!
interface FastEthernet0/7
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/8
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/9
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/10
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/11
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/12
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/15
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/16
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/17
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/18
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/19
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/20
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/21
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/22
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/23
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/24
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface Vlan1
 ip address 172.16.1.102 255.255.255.0
 no shutdown
!
ip default-gateway 172.16.1.1
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

DLS1 Config:

hostname DLS1
!
enable secret class
!
ip routing
!
ip dhcp relay information trust-all
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 172.16.1.3 255.255.255.0
 standby 1 ip 172.16.1.1
 standby 1 priority 150
 standby 1 preempt
 no shutdown
!
interface Vlan100
 ip address 172.16.100.3 255.255.255.0
 standby 1 ip 172.16.100.1
 standby 1 priority 150
 standby 1 preempt
!
interface Vlan200
 ip address 172.16.200.3 255.255.255.0
 standby 1 ip 172.16.200.1
 standby 1 preempt
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
end


DLS2 Config:

hostname DLS2
!
enable secret class
!
ip routing
!
ip dhcp relay information trust-all
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 172.16.1.4 255.255.255.0
 standby 1 ip 172.16.1.1
 standby 1 preempt
 no shutdown
!
interface Vlan100
 ip address 172.16.100.4 255.255.255.0
 standby 1 ip 172.16.100.1
 standby 1 preempt
!
interface Vlan200
 ip address 172.16.200.4 255.255.255.0
 standby 1 ip 172.16.200.1
 standby 1 priority 150
 standby 1 preempt
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
end
