Sapiandante, Goran Y.

EX7 Chapter 6 Lab 6-1, Securing Layer 2 Switches

ALS1 Config:

hostname ALS1
!
enable secret class
!
! Local accounts used by the 802.1X default method list below
username janedoe password 0 cisco
username johndoe password 0 cisco
username joesmith password 0 cisco
aaa new-model
aaa authentication dot1x default local
!
! Enable 802.1X globally
dot1x system-auth-control
!
! Enable DHCP snooping for VLANs 100 and 200
ip dhcp snooping vlan 100,200
ip dhcp snooping
!
! Trunk ports Fa0/7-12: trusted for DHCP snooping
interface FastEthernet0/7
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/8
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/9
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/10
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/11
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/12
 switchport mode trunk
 ip dhcp snooping trust
!
! Access ports Fa0/15-24 in VLAN 100: port security (maximum 2 sticky MACs),
! 802.1X, PortFast, and a DHCP snooping rate limit of 20 packets per second
interface FastEthernet0/15
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/16
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/17
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/18
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/19
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/20
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/21
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/22
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/23
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/24
 switchport access vlan 100
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 dot1x port-control auto
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface Vlan1
 ip address 172.16.1.101 255.255.255.0
 no shutdown
!
ip default-gateway 172.16.1.1
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

ALS2 Config:

hostname ALS2
!
enable secret class
!
! Enable DHCP snooping for VLANs 100 and 200
ip dhcp snooping vlan 100,200
ip dhcp snooping
!
! Trunk ports Fa0/7-12: trusted for DHCP snooping
interface FastEthernet0/7
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/8
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/9
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/10
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/11
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/12
 switchport mode trunk
 ip dhcp snooping trust
!
! Access ports Fa0/15-24 in VLAN 200: port security, PortFast,
! and a DHCP snooping rate limit of 20 packets per second
interface FastEthernet0/15
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/16
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/17
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/18
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/19
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/20
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/21
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/22
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/23
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface FastEthernet0/24
 switchport access vlan 200
 switchport mode access
 switchport port-security
 spanning-tree portfast
 ip dhcp snooping limit rate 20
!
interface Vlan1
 ip address 172.16.1.102 255.255.255.0
 no shutdown
!
ip default-gateway 172.16.1.1
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

DLS1 Config:

hostname DLS1
!
enable secret class
!
ip routing
!
! Accept DHCP packets carrying relay information (option 82) on all interfaces
ip dhcp relay information trust-all
!
! 802.1Q trunk ports Fa0/7-12
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! HSRP group 1 on each SVI; priority 150 is set on VLAN 1 and VLAN 100
interface Vlan1
 ip address 172.16.1.3 255.255.255.0
 standby 1 ip 172.16.1.1
 standby 1 priority 150
 standby 1 preempt
 no shutdown
!
interface Vlan100
 ip address 172.16.100.3 255.255.255.0
 standby 1 ip 172.16.100.1
 standby 1 priority 150
 standby 1 preempt
!
interface Vlan200
 ip address 172.16.200.3 255.255.255.0
 standby 1 ip 172.16.200.1
 standby 1 preempt
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

DLS2 Config:

hostname DLS2
!
enable secret class
!
ip routing
!
! Accept DHCP packets carrying relay information (option 82) on all interfaces
ip dhcp relay information trust-all
!
! 802.1Q trunk ports Fa0/7-12
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! HSRP group 1 on each SVI; priority 150 is set on VLAN 200
interface Vlan1
 ip address 172.16.1.4 255.255.255.0
 standby 1 ip 172.16.1.1
 standby 1 preempt
 no shutdown
!
interface Vlan100
 ip address 172.16.100.4 255.255.255.0
 standby 1 ip 172.16.100.1
 standby 1 preempt
!
interface Vlan200
 ip address 172.16.200.4 255.255.255.0
 standby 1 ip 172.16.200.1
 standby 1 priority 150
 standby 1 preempt
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end