1) Enable port-security on the port where you connected the station to the switch and set the maximum number of addresses it can learn to 1
(conf-if)# switchport port-security
enables the port-security mechanism
(conf-if)# switchport port-security maximum 1
BIT Academy Romania
Calea Victoriei nr. 39A, sector 1, București
office@bitacad.net
www.bitacad.net
www.facebook.com/bitacad
2) Statically set a MAC address for the port, different from that of the station's NIC, so that we can test the violation feature
(conf-if)# switchport port-security mac-addr 0000.0000.0001
3) If the port-security policy is violated, put the port into errdisable
(conf-if)# switchport port-security violation shutdown
(conf-if)# shut
(conf-if)# no shut
# show port-security interface [INT_NR]
# show interfaces status err-disabled
**CLEANUP**
4) Configure IP addressing on devices ESW1 and ESW2. Make sure the SW1 interfaces are in layer 2, access VLAN 100.
5) Verify layer 3 reachability
sequence 10
sequence 20
7) Retry the ping
**CLEANUP**
10) The VLANs of interest are 100 (primary), 150 (community), 160 (isolated)
@SW1
(conf)# vtp mode transparent
because VTPv1 and VTPv2 have no capability to replicate private VLANs;
VTPv3 introduced support for PVLANs starting with IOS 12.2(52)SE
(conf)# vlan 150
(conf-vlan)# private-vlan community
(conf)# vlan 160
(conf-vlan)# private-vlan isolated
(conf)# vlan 100
(conf-vlan)# private-vlan primary
@SW1 toward R1
(conf)# interface [INT_NR]
(conf-if)# switchport mode private-vlan host
(conf-if)# switchport private-vlan host-association 100 150
@SW1 toward R2
(conf)# interface [INT_NR]
(conf-if)# switchport mode private-vlan host
(conf-if)# switchport private-vlan host-association 100 160
14) Configure the interface for the link between SW1 and ESW1 as a promiscuous port
@SW1
(conf)# interface [INT_NR]
(conf-if)# switchport mode private-vlan promiscuous
(conf-if)# switchport private-vlan mapping 100 add 150
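A consistency check for the private-VLAN commands in steps 10-14, as an added example that is not part of the original lab: it parses IOS-style configuration text and reports host ports whose primary or secondary VLAN is not declared with the matching type, or whose secondary VLAN is missing from the promiscuous mapping. The interface names and the helper names `expand` and `audit_pvlan` are assumptions made for the example.

```python
import re

# Constructed sample: the private-VLAN commands from steps 10-14, with
# hypothetical interface names in place of [INT_NR].
SAMPLE_CONFIG = """\
vlan 150
 private-vlan community
vlan 160
 private-vlan isolated
vlan 100
 private-vlan primary
interface FastEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 150
interface FastEthernet1/0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 160
interface FastEthernet1/0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 add 150
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '150,160-162' into a set of VLAN ids."""
    spans = (part.partition("-") for part in vlan_list.split(","))
    return {str(v) for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def audit_pvlan(config):
    """Return findings for host ports whose private-VLAN settings disagree."""
    vlan_type, hosts, mapped, section = {}, [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(vlan|interface) (\S+)", line):
            section = m.group(2)  # current "vlan N" or "interface X" block
        elif m := re.fullmatch(r"private-vlan (primary|community|isolated)", line):
            vlan_type[section] = m.group(1)
        elif m := re.fullmatch(r"switchport private-vlan host-association (\d+) (\d+)", line):
            hosts.append((section, m.group(1), m.group(2)))
        elif m := re.fullmatch(r"switchport private-vlan mapping (\d+) (?:add )?([\d,-]+)", line):
            mapped.setdefault(m.group(1), set()).update(expand(m.group(2)))
    findings = []
    for port, primary, secondary in hosts:
        if vlan_type.get(primary) != "primary":
            findings.append(f"{port}: VLAN {primary} is not declared primary")
        if vlan_type.get(secondary) not in ("community", "isolated"):
            findings.append(f"{port}: VLAN {secondary} is not a secondary VLAN")
        if secondary not in mapped.get(primary, set()):
            findings.append(f"{port}: VLAN {secondary} is not mapped on a promiscuous port")
    return findings
```

On the sample, `audit_pvlan(SAMPLE_CONFIG)` returns one finding: VLAN 160 is absent from the promiscuous mapping, so the host port in the isolated VLAN has no path to the device behind the promiscuous port until 160 is added to that mapping.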
**CLEANUP**
Part IV DHCP Snooping
@ESW3
(conf)# ip dhcp pool BITPOOL
(dhcp-conf)# network 10.10.10.0 /24
@ESW2
(conf-if)# ip addr dhcp
@ESW2
(conf-if)# ip addr dhcp
check whether the rogue DHCP server hands out leases (for testing only)
The DHCP Information option (Option 82) is commonly used in metro or large enterprise deployments to provide
additional information on the physical attachment of the client. Option 82 is meant to be used in a distributed DHCP
server/relay environment, where relays insert additional information to identify the client's point of attachment.
(conf)# ip dhcp snooping vlan 1
6) Configure SW1 to throttle DHCP requests coming from clients to a maximum of 5 DHCP packets/sec
This addresses pool depletion (exhaustion of the pool)
@SW1 The port corresponding to the link between the DHCP client and SW1
(conf-if)# ip dhcp snooping limit rate 5
@SW1
#show ip dhcp snooping
#show ip dhcp snooping binding