
Exercise No2

The document outlines the configuration of switch security features on two switches (S1 and S2) including creating VLANs, trunk ports, access ports, DHCP snooping, port security, and spanning tree settings. It also provides the IP configurations for connected PCs and shows the connectivity was successfully tested between devices in different VLANs.

Uploaded by E D I T H

EXERCISE NO. 2
Switch Security Configuration
-Create a Secure Trunk
-Secure Unused Switch ports
-Implement Port Security
-Enable DHCP Snooping
-Configure Rapid PVST Port Fast and BPDU Guard

TOPOLOGY

ADDRESSING TABLE

Device  Interface  IP Address      Subnet Mask    Description
S1      VLAN 15    192.168.15.254  255.255.255.0  SVI for Management
S2      VLAN 15    192.168.15.253  255.255.255.0  SVI for Management
PC1     NIC        192.168.5.10    255.255.255.0  Connected to S1 Fa0/1
PC2     NIC        192.168.5.11    255.255.255.0  Connected to S2 Fa0/1
PC3     NIC        192.168.10.10   255.255.255.0  Connected to S1 Fa0/7
PC4     NIC        192.168.10.11   255.255.255.0  Connected to S2 Fa0/7

VLAN Table

VLAN ID  VLAN Name   Network Address  Subnet Mask    Ports to be assigned
5        HR          192.168.5.0      255.255.255.0  S1, S2: Fa0/1-6
10       Accounts    192.168.10.0     255.255.255.0  S1, S2: Fa0/7-12
15       Management  192.168.15.0     255.255.255.0
25       Native      NOT APPLICABLE                  S1, S2: G0/1
35       Unused      NOT APPLICABLE                  S1, S2: Fa0/13-24,G0/2

S1 Configuration
Switch>enable
Switch#configure terminal
Switch(config)#hostname S1
S1(config)#no ip domain-lookup
S1(config)#vlan 5
S1(config-vlan)#name HR
S1(config-vlan)#vlan 10
S1(config-vlan)#name Accounts
S1(config-vlan)#vlan 15
S1(config-vlan)#name Management
S1(config-vlan)#vlan 25
S1(config-vlan)#name Native
S1(config-vlan)#vlan 35
S1(config-vlan)#name Unused

S1(config-vlan)#interface vlan 15
S1(config-if)#ip address 192.168.15.254 255.255.255.0

S1(config-if)#interface g0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan 25
S1(config-if)#switchport trunk allowed vlan 5,10,15,25
S1(config-if)#switchport nonegotiate

S1(config-if)#interface range fa0/1-6
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 5
S1(config-if-range)#interface range fa0/7-12
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 10
S1(config-if-range)#interface range fa0/13-24,g0/2
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 35
S1(config-if-range)#shutdown

S1(config-if-range)#interface range fa0/1-12
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security mac-address sticky

S1(config-if-range)#spanning-tree portfast
S1(config-if-range)#spanning-tree bpduguard enable

S1(config-if-range)#exit
S1(config)#ip dhcp snooping
S1(config)#ip dhcp snooping vlan 5,10,15,25

S1(config)#exit
S1#copy run start

S2 Configuration

Switch>enable
Switch#configure terminal
Switch(config)#hostname S2
S2(config)#vlan 5
S2(config-vlan)#name HR
S2(config-vlan)#vlan 10
S2(config-vlan)#name Accounts
S2(config-vlan)#vlan 15
S2(config-vlan)#name Management
S2(config-vlan)#vlan 25
S2(config-vlan)#name Native
S2(config-vlan)#vlan 35
S2(config-vlan)#name Unused

S2(config-vlan)#interface vlan 15
S2(config-if)#ip address 192.168.15.253 255.255.255.0

S2(config-if)#interface g0/1
S2(config-if)#switchport mode trunk
S2(config-if)#switchport trunk native vlan 25
S2(config-if)#switchport trunk allowed vlan 5,10,15,25
S2(config-if)#switchport nonegotiate

S2(config-if)#interface range fa0/1-6
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 5
S2(config-if-range)#interface range fa0/7-12
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 10
S2(config-if-range)#interface range fa0/13-24,g0/2
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 35
S2(config-if-range)#shutdown

S2(config-if-range)#interface range fa0/1-12
S2(config-if-range)#switchport port-security
S2(config-if-range)#switchport port-security mac-address sticky
S2(config-if-range)#switchport port-security violation restrict
S2(config-if-range)#spanning-tree portfast
S2(config-if-range)#spanning-tree bpduguard enable

S2(config-if-range)#exit
S2(config)#ip dhcp snooping
S2(config)#ip dhcp snooping vlan 5,10,15,25

S2(config)#exit
S2#copy run start

PC1 IP Configuration
IPv4 Address: 192.168.5.10
Subnet: 255.255.255.0

PC2 IP Configuration
IPv4 Address: 192.168.5.11
Subnet: 255.255.255.0

PC3 IP Configuration
IPv4 Address: 192.168.10.10
Subnet: 255.255.255.0

PC4 IP Configuration
IPv4 Address: 192.168.10.11
Subnet: 255.255.255.0

Verification Commands Used:

S1#show vlan brief
S1#show interfaces trunk
S1#show running-config
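
The review of `show running-config` output can be scripted. The following is an added example, not part of the original exercise: a small Python audit (the names `parse_interfaces` and `audit` and the finding messages are hypothetical) run over a constructed excerpt of what S1's commands produce. It reports the two settings the S1 transcript leaves at their defaults: the port-security violation mode, which S2 sets to `restrict` and S1 does not, and DHCP snooping trust on the G0/1 trunk, which matters once a DHCP server is reached through that trunk, because snooping drops server replies arriving on untrusted ports.

```python
# Constructed sample of S1's running-config (three ports); all names here are hypothetical.
SAMPLE_S1 = """\
ip dhcp snooping
interface FastEthernet0/1
 switchport access vlan 5
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/13
 switchport access vlan 35
 switchport mode access
 shutdown
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global command ends the interface block
    return blocks

def audit(config, unused_vlan="35"):  # returns [(interface, finding), ...]
    snooping = "ip dhcp snooping" in config.splitlines()  # global enable line
    findings = []
    for name, cmds in parse_interfaces(config).items():
        trunk = "switchport mode trunk" in cmds
        unused = f"switchport access vlan {unused_vlan}" in cmds
        user = "switchport mode access" in cmds and not unused
        has_mode = any(c.startswith("switchport port-security violation") for c in cmds)
        checks = [
            (trunk and "switchport nonegotiate" not in cmds, "DTP not disabled"),
            (trunk and snooping and "ip dhcp snooping trust" not in cmds,
             "trunk untrusted for DHCP snooping"),
            (unused and "shutdown" not in cmds, "unused port left enabled"),
            (user and not has_mode, "port-security violation mode at default (shutdown)"),
            (user and "spanning-tree bpduguard enable" not in cmds, "no BPDU guard"),
        ]
        findings += [(name, msg) for failed, msg in checks if failed]
    return findings
```

Calling `audit(SAMPLE_S1)` returns one finding for FastEthernet0/1 and one for GigabitEthernet0/1; the shut-down port in VLAN 35 passes.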

End-to-End Connectivity Result

Ping From  Ping To  To IP Address   Successful (Yes/No)
PC1        PC2      192.168.5.11    Yes
PC3        PC4      192.168.10.11   Yes
S1         S2       192.168.15.253  Yes

Result: Configured and Verified Switch Security Configuration successfully.
