Task 1: Secure Trunk Ports
S1(config)# spanning-tree vlan 1 priority 0
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99   # unused VLAN for native
S1(config-if)# switchport nonegotiate   # to prevent the use of DTP

Verify
S1# show spanning-tree
S1# show interfaces f0/1 trunk
S1# show interfaces f0/1 switchport
S1# show run | begin 0/1

Task 2: Secure Access Ports
S1(config-if)# switchport mode access

Task 3: Protect Against STP Attack
S1(config-if)# spanning-tree portfast   # Enable PortFast
S1(config-if)# spanning-tree bpduguard enable   # Enable BPDU guard
S2(config)# spanning-tree loopguard default   # the global command can be configured on non-root switches

Verify
S1# show spanning-tree interface f0/6 detail
# Enable root guard
S2# show run | begin Gig
S1# show spanning-tree interface f0/6 detail
S2# show spanning-tree summary

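An added example, not part of the original lab notes: a short Python check that reads saved `show run` output and flags ports missing the per-interface settings from Tasks 1 to 3. The sample config, the extra interface numbers and the function names are constructed for illustration; only interface-level commands are inspected, so global defaults are not seen.

```python
# Constructed sample running-config; interfaces other than f0/1 and f0/6 are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 switchport mode access
 spanning-tree portfast
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for settings Tasks 1-3 apply."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        native = [c.split()[-1] for c in cmds if c.startswith("switchport trunk native vlan ")]
        checks = []
        if "switchport mode trunk" in cmds:
            # No native-vlan line means the default, VLAN 1, is still in use.
            checks = [(bool(native) and native[-1] != "1", "native VLAN is 1"),
                      ("switchport nonegotiate" in cmds, "DTP not disabled")]
        elif "switchport mode access" in cmds:
            checks = [(any(c.startswith("spanning-tree portfast") for c in cmds), "PortFast not enabled"),
                      ("spanning-tree bpduguard enable" in cmds, "BPDU guard not enabled")]
        findings += [(name, msg) for ok, msg in checks if not ok]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the trunk that still uses VLAN 1 and DTP and the access port without BPDU guard.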
dardan/ccna_security/labs/configure_secure_trunks_and_access_port.txt · Last modified: 2019/02/04 12:44 by dardan
