OK, let's get straight to it...
Configuring port security:
• Configure the switch interface as an access port:
SW1(config-if)# switchport mode access
• Enable port security on the interface:
SW1(config-if)# switchport port-security
• Specify the maximum number of allowed MAC addresses:
SW1(config-if)# switchport port-security maximum 1
• Define the action to take when violation occurs:
SW1(config-if)# switchport port-security violation shutdown ! options: shutdown, protect, restrict
• Specify the allowed MAC addresses:
The sticky keyword lets the interface dynamically learn and configure the MAC addresses of the currently connected hosts.
SW1(config-if)# switchport port-security mac-address 68b5.9965.1195 ! options: H.H.H, sticky
Verify and troubleshoot port security:
• Shows the entries of the mac address table:
SW1# show mac-address-table
• Overview of port security of all interfaces:
SW1# show port-security
• Shows detailed information about port security on the specified interface:
SW1# show port-security interface fa0/5
Configuring VLANs:
• Create a new VLAN and give it a name:
SW1(config)# vlan 10
SW1(config-vlan)# name SALES
• Assign an access interface to access a specific VLAN:
SW1(config)# interface fastEthernet 0/5
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10
Configuring an auxiliary VLAN for Cisco IP phones:
SW1(config)# interface fastEthernet 0/5
! accessing vlan 10 (data) and 12 (VoIP)
SW1(config-if)# switchport access vlan 10
SW1(config-if)# switchport voice vlan 12
Configuring Trunks:
SW1(config)# interface fastEthernet 0/1
SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto, dynamic desirable
SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remove, all, except
Securing VLANs and Trunking:
• Administratively disable unused interfaces:
SW1(config-if)# shutdown
• Prevent trunking by disabling auto negotiation on the interface:
SW1(config-if)# switchport nonegotiate ! or hardcode the port as an access port
SW1(config-if)# switchport mode access
• Assign the port to an unused VLAN:
SW1(config-if)# switchport access vlan 222
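An added example (not part of the original notes): a Python check over a saved running-config that flags active ports missing the port-security and trunk-hardening steps above. The sample config, function names and finding strings are constructed for illustration, and the check assumes a port with no hardcoded `switchport mode` may still negotiate a trunk.

```python
import re
# Constructed sample running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
!
interface FastEthernet0/6
 switchport access vlan 10
!
interface FastEthernet0/7
 switchport access vlan 222
 shutdown
!
interface FastEthernet0/8
 switchport mode access
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Findings per active port. Assumes a port with no hardcoded mode may still negotiate a trunk."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # administratively disabled, as advised for unused ports
        mode = next((c.split()[-1] for c in cmds if c.startswith("switchport mode ")), None)
        issues = []
        if mode not in ("access", "trunk"):
            issues.append("mode not hardcoded")
        if mode != "trunk" and "switchport port-security" not in cmds:
            issues.append("port security not enabled")
        if issues:
            report[name] = issues
    return report
```

Calling `audit(SAMPLE_CONFIG)` reports FastEthernet0/6 (no hardcoded mode, no port security) and FastEthernet0/8 (access port without port security); the trunk, the secured access port and the shut-down port produce no findings.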
Configuring VTP:
• Configure VTP mode:
The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch.
SW1(config)# vtp mode server ! options: server, client, transparent
• Configure VTP domain name:
SW1(config)# vtp domain EXAMPLE ! case-sensitive
• Configure VTP password (optional):
SW1(config)# vtp password cisco ! case-sensitive
• Configure VTP pruning (optional):
SW1(config)# vtp pruning ! only works on VTP servers
• Enable VTP version 2 (optional):
SW1(config)# vtp version 2