Scribd Logo
Upload

Welcome to Scribd!

  • Securing Spanning Tree Protocol Lab

    Uploaded by

    Goran Sapiandante
    21 views12 pages
    This document contains the configurations of two access layer switches - ALS1 and ALS2. The configurations secure the spanning tree protocol, enable udld and dhcp snooping on all ports, set various port security parameters on access ports in VLANs 100 and 200, and configure other basic settings.

    Original Description:

    Original Title

    EX8_Sapiandante.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains the configurations of two access layer switches - ALS1 and ALS2. The configurations secure the spanning tree protocol, enable udld and dhcp snooping on all ports, set various port security parameters on access ports in VLANs 100 and 200, and configure other basic settings.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    21 views12 pages

    Securing Spanning Tree Protocol Lab

    Uploaded by

    Goran Sapiandante
    This document contains the configurations of two access layer switches - ALS1 and ALS2. The configurations secure the spanning tree protocol, enable udld and dhcp snooping on all ports, set various port security parameters on access ports in VLANs 100 and 200, and configure other basic settings.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 12

    Sapiandante, Goran Y.

    EX8 Chapter 6 Lab 6-2, Securing Spanning Tree Protocol

    ALS1 Config: interface FastEthernet0/3

    hostname ALS1 udld port aggressive

    ! !

    enable secret class interface FastEthernet0/4

    ! udld port aggressive

    username janedoe password 0 cisco !

    username johndoe password 0 cisco interface FastEthernet0/5

    username joesmith password 0 cisco udld port aggressive

    aaa new-model !

    aaa authentication dot1x default local interface FastEthernet0/6

    ! udld port aggressive

    udld enable !

    ! interface FastEthernet0/7

    ip dhcp snooping vlan 100,200 switchport mode trunk

    ip dhcp snooping udld port aggressive

    ! storm-control broadcast level 50.00

    spanning-tree portfast bpduguard default ip dhcp snooping trust

    ! !

    interface FastEthernet0/1 interface FastEthernet0/8

    udld port aggressive switchport mode trunk

    ! udld port aggressive

    interface FastEthernet0/2 storm-control broadcast level 50.00

    udld port aggressive ip dhcp snooping trust

    ! !
    interface FastEthernet0/9 !
    switchport mode trunk interface FastEthernet0/15
    udld port aggressive switchport access vlan 100
    ip dhcp snooping trust switchport mode access
    ! switchport port-security
    interface FastEthernet0/10 switchport port-security maximum 2
    switchport mode trunk switchport port-security mac-address sticky
    udld port aggressive udld port aggressive
    ip dhcp snooping trust dot1x port-control auto
    ! spanning-tree portfast
    interface FastEthernet0/11 ip dhcp snooping limit rate 20
    switchport mode trunk !
    udld port aggressive interface FastEthernet0/16
    ip dhcp snooping trust switchport access vlan 100
    ! switchport mode access
    interface FastEthernet0/12 switchport port-security
    switchport mode trunk switchport port-security maximum 2
    udld port aggressive switchport port-security mac-address sticky
    ip dhcp snooping trust udld port aggressive
    ! dot1x port-control auto
    interface FastEthernet0/13 spanning-tree portfast
    udld port aggressive ip dhcp snooping limit rate 20
    spanning-tree guard root !
    ! interface FastEthernet0/17
    interface FastEthernet0/14 switchport access vlan 100
    udld port aggressive switchport mode access
    spanning-tree guard root switchport port-security
    switchport port-security maximum 2 ip dhcp snooping limit rate 20
    switchport port-security mac-address sticky !
    udld port aggressive interface FastEthernet0/20
    dot1x port-control auto switchport access vlan 100
    spanning-tree portfast switchport mode access
    ip dhcp snooping limit rate 20 switchport port-security
    ! switchport port-security maximum 2
    interface FastEthernet0/18 switchport port-security mac-address sticky
    switchport access vlan 100 udld port aggressive
    switchport mode access dot1x port-control auto
    switchport port-security spanning-tree portfast
    switchport port-security maximum 2 ip dhcp snooping limit rate 20
    switchport port-security mac-address sticky !
    udld port aggressive interface FastEthernet0/21
    dot1x port-control auto switchport access vlan 100
    spanning-tree portfast switchport mode access
    ip dhcp snooping limit rate 20 switchport port-security
    ! switchport port-security maximum 2
    interface FastEthernet0/19 switchport port-security mac-address sticky
    switchport access vlan 100 udld port aggressive
    switchport mode access dot1x port-control auto
    switchport port-security spanning-tree portfast
    switchport port-security maximum 2 ip dhcp snooping limit rate 20
    switchport port-security mac-address sticky !
    udld port aggressive interface FastEthernet0/22
    dot1x port-control auto switchport access vlan 100
    spanning-tree portfast switchport mode access
    switchport port-security spanning-tree portfast
    switchport port-security maximum 2 ip dhcp snooping limit rate 20
    switchport port-security mac-address sticky !
    udld port aggressive interface Vlan1
    dot1x port-control auto ip address 172.16.1.101 255.255.255.0
    spanning-tree portfast no shutdown
    ip dhcp snooping limit rate 20 !
    ! ip default-gateway 172.16.1.1
    interface FastEthernet0/23 !
    switchport access vlan 100 line vty 0 4
    switchport mode access password cisco
    switchport port-security login
    switchport port-security maximum 2 line vty 5 15
    switchport port-security mac-address sticky password cisco
    udld port aggressive login
    dot1x port-control auto !
    spanning-tree portfast end
    ip dhcp snooping limit rate 20
    ! ALS2 Config:
    interface FastEthernet0/24 hostname ALS2
    switchport access vlan 100 !
    switchport mode access enable secret class
    switchport port-security !
    switchport port-security maximum 2 udld enable
    switchport port-security mac-address sticky !
    udld port aggressive ip dhcp snooping vlan 100,200
    dot1x port-control auto ip dhcp snooping
    ! switchport mode trunk
    spanning-tree portfast bpduguard default udld port aggressive
    ! ip dhcp snooping trust
    interface FastEthernet0/1 !
    udld port aggressive interface FastEthernet0/9
    ! switchport mode trunk
    interface FastEthernet0/2 udld port aggressive
    udld port aggressive ip dhcp snooping trust
    ! !
    interface FastEthernet0/3 interface FastEthernet0/10
    udld port aggressive switchport mode trunk
    ! udld port aggressive
    interface FastEthernet0/4 ip dhcp snooping trust
    udld port aggressive !
    ! interface FastEthernet0/11
    interface FastEthernet0/5 switchport mode trunk
    udld port aggressive udld port aggressive
    ! ip dhcp snooping trust
    interface FastEthernet0/6 !
    udld port aggressive interface FastEthernet0/12
    ! switchport mode trunk
    interface FastEthernet0/7 udld port aggressive
    switchport mode trunk ip dhcp snooping trust
    udld port aggressive !
    ip dhcp snooping trust interface FastEthernet0/13
    ! udld port aggressive
    interface FastEthernet0/8 spanning-tree guard root
    ! ip dhcp snooping limit rate 20
    interface FastEthernet0/14 !
    udld port aggressive interface FastEthernet0/18
    spanning-tree guard root switchport access vlan 200
    ! switchport mode access
    interface FastEthernet0/15 switchport port-security
    switchport access vlan 200 udld port aggressive
    switchport mode access spanning-tree portfast
    switchport port-security ip dhcp snooping limit rate 20
    udld port aggressive !
    spanning-tree portfast interface FastEthernet0/19
    ip dhcp snooping limit rate 20 switchport access vlan 200
    ! switchport mode access
    interface FastEthernet0/16 switchport port-security
    switchport access vlan 200 udld port aggressive
    switchport mode access spanning-tree portfast
    switchport port-security ip dhcp snooping limit rate 20
    udld port aggressive !
    spanning-tree portfast interface FastEthernet0/20
    ip dhcp snooping limit rate 20 switchport access vlan 200
    ! switchport mode access
    interface FastEthernet0/17 switchport port-security
    switchport access vlan 200 udld port aggressive
    switchport mode access spanning-tree portfast
    switchport port-security ip dhcp snooping limit rate 20
    udld port aggressive !
    spanning-tree portfast interface FastEthernet0/21
    switchport access vlan 200 udld port aggressive
    switchport port-security spanning-tree portfast
    switchport mode access ip dhcp snooping limit rate 20
    udld port aggressive !
    spanning-tree portfast interface Vlan1
    ip dhcp snooping limit rate 20 ip address 172.16.1.102 255.255.255.0
    ! no shutdown
    interface FastEthernet0/22 !
    switchport access vlan 200 ip default-gateway 172.16.1.1
    switchport mode access !
    switchport port-security line vty 0 4
    udld port aggressive password cisco
    spanning-tree portfast login
    ip dhcp snooping limit rate 20 line vty 5 15
    ! password cisco
    interface FastEthernet0/23 login
    switchport access vlan 200 !
    switchport mode access End
    switchport port-security
    udld port aggressive
    spanning-tree portfast
    ip dhcp snooping limit rate 20 DLS1 Config:
    ! hostname DLS1
    interface FastEthernet0/24 !
    switchport access vlan 200 enable secret class
    switchport mode access !
    switchport port-security ip routing
    ! switchport trunk encapsulation dot1q
    ip dhcp relay information trust-all switchport mode trunk
    ! udld port aggressive
    udld enable !
    ! interface FastEthernet0/8
    spanning-tree vlan 1,100 priority 24576 switchport trunk encapsulation dot1q
    spanning-tree vlan 200 priority 28672 switchport mode trunk
    ! udld port aggressive
    interface FastEthernet0/1 !
    udld port aggressive interface FastEthernet0/9
    ! switchport trunk encapsulation dot1q
    interface FastEthernet0/2 switchport mode trunk
    udld port aggressive udld port aggressive
    ! !
    interface FastEthernet0/3 interface FastEthernet0/10
    udld port aggressive switchport trunk encapsulation dot1q
    ! switchport mode trunk
    interface FastEthernet0/4 udld port aggressive
    udld port aggressive !
    ! interface FastEthernet0/11
    interface FastEthernet0/5 switchport trunk encapsulation dot1q
    udld port aggressive switchport mode trunk
    ! udld port aggressive
    interface FastEthernet0/6 !
    udld port aggressive interface FastEthernet0/12
    ! switchport trunk encapsulation dot1q
    interface FastEthernet0/7 switchport mode trunk
    udld port aggressive !
    ! interface FastEthernet0/21
    interface FastEthernet0/13 udld port aggressive
    udld port aggressive !
    spanning-tree guard root interface FastEthernet0/22
    ! udld port aggressive
    interface FastEthernet0/14 !
    udld port aggressive interface FastEthernet0/23
    spanning-tree guard root udld port aggressive
    ! !
    interface FastEthernet0/15 interface FastEthernet0/24
    udld port aggressive udld port aggressive
    ! !
    interface FastEthernet0/16 interface Vlan1
    udld port aggressive ip address 172.16.1.3 255.255.255.0
    ! standby 1 ip 172.16.1.1
    interface FastEthernet0/17 standby 1 priority 150
    udld port aggressive standby 1 preempt
    ! no shutdown
    interface FastEthernet0/18 !
    udld port aggressive interface Vlan100
    ! ip address 172.16.100.3 255.255.255.0
    interface FastEthernet0/19 standby 1 ip 172.16.100.1
    udld port aggressive standby 1 priority 150
    ! standby 1 preempt
    interface FastEthernet0/20 !
    udld port aggressive interface Vlan200
    ip address 172.16.200.3 255.255.255.0 interface FastEthernet0/1
    standby 1 ip 172.16.200.1 udld port aggressive
    standby 1 preempt !
    ! interface FastEthernet0/2
    line vty 0 4 udld port aggressive
    password cisco !
    login interface FastEthernet0/3
    line vty 5 15 udld port aggressive
    password cisco !
    login interface FastEthernet0/4
    ! udld port aggressive
    End !
    interface FastEthernet0/5

    DLS2 Config: udld port aggressive

    hostname DLS2 !

    ! interface FastEthernet0/6

    enable secret class udld port aggressive

    ! !

    ip routing interface FastEthernet0/7

    ! switchport trunk encapsulation dot1q

    ip dhcp relay information trust-all switchport mode trunk

    ! udld port aggressive

    udld enable !

    ! interface FastEthernet0/8

    spanning-tree vlan 1,100 priority 28672 switchport trunk encapsulation dot1q

    spanning-tree vlan 200 priority 24576 switchport mode trunk

    ! udld port aggressive


    ! spanning-tree guard root
    interface FastEthernet0/9 !
    switchport trunk encapsulation dot1q interface FastEthernet0/15
    switchport mode trunk udld port aggressive
    udld port aggressive !
    ! interface FastEthernet0/16
    interface FastEthernet0/10 udld port aggressive
    switchport trunk encapsulation dot1q !
    switchport mode trunk interface FastEthernet0/17
    udld port aggressive udld port aggressive
    ! !
    interface FastEthernet0/11 interface FastEthernet0/18
    switchport trunk encapsulation dot1q udld port aggressive
    switchport mode trunk !
    udld port aggressive interface FastEthernet0/19
    ! udld port aggressive
    interface FastEthernet0/12 !
    switchport trunk encapsulation dot1q interface FastEthernet0/20
    switchport mode trunk udld port aggressive
    udld port aggressive !
    ! interface FastEthernet0/21
    interface FastEthernet0/13 udld port aggressive
    udld port aggressive !
    spanning-tree guard root interface FastEthernet0/22
    ! udld port aggressive
    interface FastEthernet0/14 !
    udld port aggressive interface FastEthernet0/23
    udld port aggressive login
    ! !
    interface FastEthernet0/24 end
    udld port aggressive
    !
    interface Vlan1
    ip address 172.16.1.4 255.255.255.0
    standby 1 ip 172.16.1.1
    standby 1 preempt
    no shutdown
    !
    interface Vlan100
    ip address 172. 16.100.4 255.255.255.0
    standby 1 ip 172.16.100.1
    standby 1 preempt
    !
    interface Vlan200
    ip address 172.16.200.4 255.255.255.0
    standby 1 ip 172.16.200.1
    standby 1 priority 150
    standby 1 preempt
    !
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco

    You might also like