Konfigurasi port security:
- Make the switch interface as access port:
1
|
SW1(config-if)# switchport mode access
|
- Enable port security on the interface:
1
|
SW1(config-if)# switchport port-security
|
- Specify the maximum number of allowed MAC addresses:
1
|
SW1(config-if)# switchport port-security maximum 1
|
- Define the action to take when violation occurs:
1
|
SW1(config-if)# switchport port-security violation shutdown ! options: shutdown, protect, restrict
|
- Specify the allowed MAC addresses:
The sticky keyword is used to let the interface dynamically learns and configures the MAC addresses of the currently connected hosts.
1
|
SW1(config-if)# switchport port-security mac-address 68b5.9965.1195 ! options: H.H.H, sticky
|
Verify and troubleshoot port security:
- Shows the entries of the mac address table:
1
|
SW1# show mac-address-table
|
- Overview of port security of all interfaces:
1
|
SW1# show port-security
|
- Shows detailed information about port security on the specified interface:
1
|
SW1# show port-security interface fa0/5
|
Konfigurasi VLANs:
- Create a new VLAN and give it a name:
1
2
|
SW1(config)# vlan 10
SW1(config-vlan)# name SALES
|
- Assign an access interface to access a specific VLAN:
1
2
3
|
SW1(config)# interface fastEthernet 0/5
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10
|
Konfigurasi an auxiliary VLAN for cisco IP phones:
1
2
3
4
|
SW1(config)# interface fastEthernet 0/5
! accessing vlan 10 (data) and 12 (VoIP)
SW1(config-if) #switchport access vlan 10
SW1(config-if) #switchport voice vlan 12
|
Konfigurasi Trunks:
1
2
3
|
SW1(config)# interface fastEthernet 0/1
SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto, dynamic desirable
SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remove, all, except
|
Securing VLANs and Trunking:
- Administratively disable unused interfaces:
1
|
SW1(config-if)# shutdown
|
- Prevent trunking by disabling auto negotiation on the interface:
1
2
|
SW1(config-if)# nonegotiate ! or hardcode the port asan access port
SW1(config-if)# switchport mode access
|
- Assign the port to an unused VLAN:
1
|
SW1(config-if)# switchport access vlan 222
|
Konfigurasi VTP:
- Configure VTP mode:
The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch
1
|
SW1(config)# vtp mode server ! options: server, client, transparent
|
- Configure VTP domain name:
1
|
SW1(config)# vtp domain EXAMPLE ! case-sensitive
|
- Configure VTP password (optional):
1
|
SW1(config)# vtp password cisco ! case-sensitive
|
- Configure VTP pruning (optional):
1
|
SW1(config)# vtp pruning ! only works on VTP servers
|
- Enable VTP version 2 (optional):
1
|
SW1(config)# vtp version 2
|
Verify and troubleshoot VLANs and VTP:
- Lists information about administrative setting and operation status of interface:
1
|
SW1# show interfaces if switchport
|
- Lists all the trunk ports on a switch including the trunk allowed VLANs:
1
|
SW1# show interfaces trunk
|
- Lists information about the VLANs:
1
|
SW1# show vlan {brief | id | name | summary}
|
- Lists VTP configuration (mode, domain-name, version, etc) and revision number:
1
|
SW1# show vtp status
|
- Shows the VTP password:
1
|
SW1# show vtp password
|
STP optimization:
- Hard coding the root bridge (changing bridge priority):
1
2
3
4
|
SW1(config)# spanning-tree vlan 1 root primary
SW1(config)# spanning-tree vlan 1 root secondary
! Priority must be a multiply of 4096
SW1(config)# spanning-tree [vlan 1]priority 8192
|
- Changing the STP mode:
1
|
SW1(config)# spanning-tree mode rapid-pvst ! options: mst, pvst, rapid-pvst
|
- Enabling portfast and BPDU guard on an interface:
Portfast and BPDU guard are enabled only on interfaces connected to end user hosts
1
2
|
SW1(config-if)# spanning-tree portfast
SW1(config-if)# spanning-tree bpduguard enable
|
- Changing port cost:
1
|
SW1(config-if)# spanning-tree [vlan 1] cost 25
|
- Bundling interfaces into an etherchannel:
1
|
SW1(config-if)# channel-group 1 mode on ! options: auto, desirable, on
|
STP verification and troubleshooting:
- Shows detailed info about STP state:
1
|
SW1# show spanning-tree
|
- Shows STP info only on a specific port:
1
|
SW1# show spanning-tree interface fa0/2
|
- Shows STP info only for a specific VLAN:
1
|
SW1# show spanning-tree vlan 1
|
- Shows info about the root switch:
1
|
SW1# show spanning-tree [vlan 1] root
|
- Shows info about the local switch:
1
|
SW1# show spanning-tree [vlan 1] bridge
|
- Show the state of the etherchannels:
1
|
SW1# show etherchannel 1
|
- Provides informational messages about the changes in the STP topology:
1
|
SW1# debug spanning-tree events
|
Enabling or disabling CDP:
- Enabling CDP globally on a switch:
1
|
SW1(config)# cdp run
|
- Disabling CDP on a given interface:
1
|
SW1(config-if)# no cdp enable
|
Using CDP for network verification and troubleshooting:
- Shows global information about CDP itself:
1
|
SW1# show cdp
|
- Shows information about CDP on a specific interface:
1
|
SW1# show cdp interface fa0/2
|
- Shows information about the directly connected cisco devices including interfaces names capabilities:
1
|
SW1# show cdp neighbors
|
- Shows detailed information about the neighboring cisco devices including device address and version of IOS they run:
1
2
3
|
SW1# show cdp neighbors detail
! OR
SW1# show cdp entry *
|
- Shows detailed information about the specified entry only:
1
|
SW1# show cdp entry SW2
|
Enjoy !
Tolong Laporkan Jika Ada Link Yang Error Atau Gambar Tidak Muncul :)
dan mohon untuk mengklik iklan banner untuk kelangsungan blog :)"
Sekalian juga untuk biaya sekolah admin nya. :) terimakasih :)
EmoticonEmoticon