Configuration detail switch access (cisco) spanning-tree mode rapid-pvst. Ip dhcp snooping (global) vlan vlan_id (interface) ip arp inspection trust if the interface is not trusted then validate.
Copyright:
Attribution Non-Commercial (BY-NC)
2. Spanning-tree
2.1 Portfast
Enable default portfast for all access ports:
spanning-tree portfast default
2.2 Rapid STP
spanning-tree mode rapid-pvst
3. Protecting the network from spoofing attacks (DHCP, ARP)
3.1 Secure DHCP source
(global) ip dhcp snooping
(global) ip dhcp snooping information option
(interface) ip dhcp snooping trust
(global) ip dhcp snooping vlan vlan_id
3.2 Dynamic ARP Inspection
(global) ip arp inspection vlan vlan_id
(interface) ip arp inspection trust
If the interface is not trusted, then validate:
(global) ip arp inspection validate {src-mac | dst-mac | ip}
4. Access restriction using ACL
line con 0
 exec-timeout 6 0
 password 7 15315A1F077A
 login
 transport input none
line 1 8
 speed 115200
line aux 0
line vty 0 4
 access-class 90 in
 password 7 0817627E3D4A35362B
 login
 transport input telnet
 ! or: transport input ssh
5. Turn off CDP if possible
6. Secure STP
7. Double check trunk link
8. Using secure access client such as SSHv2
9. Using syslog
10. Avoid using VLAN1 for management purposes
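An added example, not part of the original document: a Python check that reads a running-config and reports where it departs from sections 3 and 4 and item 8 of this checklist, with each finding prefixed by the item number it relates to. The sample config, its VLAN numbers and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the page).
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20-21
ip arp inspection vlan 10
line vty 0 4
 access-class 90 in
 transport input telnet
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Map each top-level IOS line to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith("!"):
            if not line[0].isspace():
                current = line.strip()
                blocks.setdefault(current, [])
            elif current is not None:
                blocks[current].append(line.strip())
    return blocks

def vlan_set(blocks, prefix):
    """Expand VLAN lists such as '10,20-21' that follow a global command prefix."""
    vlans = set()
    for line in (l for l in blocks if l.startswith(prefix)):
        for part in line[len(prefix):].split()[0].split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return the checklist items (by section number) that the config fails."""
    b, out = parse_blocks(config), []
    snoop = vlan_set(b, "ip dhcp snooping vlan ")
    missing = sorted(snoop - vlan_set(b, "ip arp inspection vlan "))
    if "ip dhcp snooping" not in b or not snoop:
        out.append("3.1 DHCP snooping not enabled globally and per VLAN")
    if missing:
        out.append(f"3.2 no ARP inspection on snooped VLANs {missing}")
    for head, sub in ((h, s) for h, s in b.items() if h.startswith("line vty")):
        if not any(re.match(r"access-class \S+ in$", s) for s in sub):
            out.append(f"4 {head}: no inbound access-class")
        if any(re.match(r"transport input .*(telnet|all)", s) for s in sub):
            out.append(f"8 {head}: telnet allowed")
    return out
```

Every `line vty` block is checked separately, so a second range such as `line vty 5 15` that was left without the access-class is reported even when `line vty 0 4` is restricted.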