6 2

show interfaces trunk
show spanning-tree
show vlan brief
show vtp status
show standby brief
show ip route
Show mac-address command
show storm-control
sho storm-control f0/6 unicast
sho storm-control f0/6 broadcast
sho storm-control f0/6 multicast
show port-security
sho port-security interface f0/6
show errdisable recovery
show ip dhcp snooping
(HOSTA: 172.16.100.101/24, DFG 172.16.100.1;
HOSTB: 172.16.200.101/24, DFG 172.16.200.1).
(Also is DHCP)For this lab, the AAA server will be a
radius server on Host C (172.16.99.50)
connected to DLS1's F0/6 interface.
Configure PC-C to with the 172.16.99.50
with a default-gateway of 172.16.99.1.
Ensure that PC-C has connectivity to
the gateway and all four switches.
##DHCP
ip
ip
ip
ip
!
ip
dhcp
dhcp
dhcp
dhcp
excluded-address
excluded-address
excluded-address
excluded-address
172.16.99.1 172.16.99.150
172.16.100.1 172.16.100.150
172.16.150.1 172.16.150.150
172.16.200.1 172.16.200.150
dhcp pool VLAN99_DHCP

network 172.16.99.0 255.255.255.0
dns-server 99.99.99.99
default-router 172.16.99.1
!
ip dhcp pool VLAN100_DHCP
network 172.16.100.0 255.255.255.0
network 172.16.150.0 255.255.255.0
network 172.16.200.0 255.255.255.0
###AAA###
!!Do all Switches!!
aaa new-model
user admin privilege 15 password cisco12345
radius server RADIUS
address ipv4 172.16.99.50 auth-port 1812 acct-port 1813

key WinRadius
exit
aaa authentication login REMOTE-CONTROL group radius local
line vty 0 4
login authentication REMOTE-CONTROL
exit
####Also####
Repeat the below configuration on all unused switch ports on ALL switches.
ALS1(config)# interface range fa0/1
5, f0/14-16, gi0/1-2
ALS1(config-if-range)# switchport mode access
ALS1(config-if-range)# switchport access vlan 999
ALS1(config-if-range)# shutdown
ALS1(config)# vlan 999
ALS1(config-vlan)# state suspend
DLS1#show run
Building configuration...
Current configuration : 2460 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DLS1
!
boot-start-marker
boot-end-marker
!
!
!
!!
vtp mode Server
vtp version 2
ip routing
!
!
no aaa new-model
system mtu routing 1500
ip routing
ip dhcp relay information trust-all
!
!
!
!
!
!
!
!
DLS1(config)#spanning-tree vlan 99,100 root primary
DLS1(config)#spanning-tree vlan 200 root secondary
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 99-100 priority 24576
spanning-tree vlan 200 priority 28672
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
!
!
!
!
!
!
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 172.16.99.3 255.255.255.0
standby 99 ip 172.16.99.1
standby 99 priority 150
standby 99 preempt
!
interface Vlan100
ip address 172.16.100.3 255.255.255.0
standby 100 ip 172.16.100.1
standby 100 preempt
!
interface Vlan200
ip address 172.16.200.3 255.255.255.0
standby 200 ip 172.16.200.1
standby 200 preempt
!
ip classless
ip http server
ip http secure-server
!
!
!
!
!
line con 0
line vty 5 15
!
end
DLS1#
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
DLS2#show run
!
version 12.2
no service pad
!
hostname DLS2
!
boot-start-marker
boot-end-marker
!
!
!
ip routing
!
no aaa new-model
ip routing
ip dhcp relay information trust-all
!
!
!
!
!
!
DLS2(config)#spanning-tree vlan 99,100 root secondary
DLS2(config)#spanning-tree vlan 200 root primary
!
!
!
spanning-tree vlan 99-100 priority 28672
spanning-tree vlan 200 priority 24576
!
!
!
!
!
!
!
!
!
!
shutdown
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Vlan1
no ip address
!
interface Vlan99
ip address 172.16.99.4 255.255.255.0
standby 99 ip 172.16.99.1
standby 99 preempt
!
interface Vlan100
ip address 172.16.100.4 255.255.255.0
standby 100 ip 172.16.100.1
standby 100 preempt
!
interface Vlan200
ip address 172.16.200.4 255.255.255.0
standby 200 ip 172.16.200.1
standby 200 preempt
!
ip classless
ip http server
!
!
!
!
!
line con 0
line vty 5 15
!
end
DLS2#
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ALS1#show run
!
version 12.2
no service pad
!
hostname ALS1
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
!
!
!!
vtp mode client
!
!
ip dhcp snooping vlan 100,200
ip dhcp snooping
!
!
!
!
!
!
errdisable recovery cause psecure-violation
errdisable recovery interval 30
!
!
!
!
!
!
!
!
!
switchport access vlan 200
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address sticky
storm-control broadcast level pps 1k 300
storm-control multicast level 40.00 25.00
storm-control unicast level 65.00 35.00
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 20
!
ip dhcp snooping trust
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 172.16.99.101 255.255.255.0
!
ip default-gateway 172.16.99.1
ip http server
ip sla enable reaction-alerts
!
line con 0
line vty 5 15
!
end
ALS1#
ALS1#
ALS1#
ALS1#
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ALS2#show run
!
version 12.2
no service pad
!
hostname ALS2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!!
vtp mode client
!
!
ip dhcp snooping vlan 100,200
ip dhcp snooping
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp snooping limit rate
!
!
!
!
!
!
!
!
20
20
20
20
20
20
20
20
!
!
!
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan99
ip address 172.16.99.102 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.99.1
ip http server
!
control-plane
!
!
line con 0
line vty 5 15
!
end
ALS2#
ALS2#
ALS2#
ALS2#

6 2

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

6 2

Încărcat de

Drepturi de autor:

Formate disponibile

show interfaces trunk

dhcp pool VLAN99_DHCP

address ipv4 172.16.99.50 auth-port 1812 acct-port 1813

switchport port-security mac-address sticky

S-ar putea să vă placă și