Scribd
Upload
62 views

Ccna Commande 2

This document provides instructions for configuring various network features including port security, VLANs, trunking, STP, CDP, and VTP on Cisco switches. Key steps include enabling port security and defining the maximum MAC addresses, creating VLANs and assigning access ports, configuring trunk ports and allowed VLANs, optimizing STP using bridge priority and portfast, and using CDP for network verification.

Uploaded by

شيماء عياشي
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
62 views

Ccna Commande 2

This document provides instructions for configuring various network features including port security, VLANs, trunking, STP, CDP, and VTP on Cisco switches. Key steps include enabling port security and defining the maximum MAC addresses, creating VLANs and assigning access ports, configuring trunk ports and allowed VLANs, optimizing STP using bridge priority and portfast, and using CDP for network verification.

Uploaded by

شيماء عياشي
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Configuring port security:

 Make the switch interface as access port:


SW1(config-if)# switchport mode access

 Enable port security on the interface:


SW1(config-if)# switchport port-security

 Specify the maximum number of allowed MAC addresses:


SW1(config-if)# switchport port-security maximum 1

 Define the action to take when violation occurs:


SW1(config-if)# switchport port-security violation shutdown ! options:
shutdown, protect, restrict

 Specify the allowed MAC addresses:


The sticky keyword is used to let the interface dynamically learns and configures the MAC
addresses of the currently connected hosts.
SW1(config-if)# switchport port-security mac-address 68b5.9965.1195 !
options: H.H.H, sticky

Verify and troubleshoot port security:


 Shows the entries of the mac address table:
SW1# show mac-address-table

 Overview of port security of all interfaces:


SW1# show port-security

 Shows detailed information about port security on the specified interface:


SW1# show port-security interface fa0/5

Configuring VLANs:
 Create a new VLAN and give it a name:
SW1(config)# vlan 10
SW1(config-vlan)# name SALES

 Assign an access interface to access a specific VLAN:


SW1(config)# interface fastEthernet 0/5
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

Configuring an auxiliary VLAN for cisco IP phones:


SW1(config)# interface fastEthernet 0/5
! accessing vlan 10 (data) and 12 (VoIP)
SW1(config-if) #switchport access vlan 10
SW1(config-if) #switchport voice vlan 12

Configuring Trunks:
SW1(config)# interface fastEthernet 0/1
SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto,
dynamic desirable
SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remove,
all, except

Securing VLANs and Trunking:


 Administratively disable unused interfaces:
SW1(config-if)# shutdown

 Prevent trunking by disabling auto negotiation on the interface:


SW1(config-if)# nonegotiate ! or hardcode the port asan access port
SW1(config-if)# switchport mode access

 Assign the port to an unused VLAN:


SW1(config-if)# switchport access vlan 222

Configuring VTP:
 Configure VTP mode:
The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch
SW1(config)# vtp mode server ! options: server, client, transparent

 Configure VTP domain name:


SW1(config)# vtp domain EXAMPLE ! case-sensitive

 Configure VTP password (optional):


SW1(config)# vtp password cisco ! case-sensitive

 Configure VTP pruning (optional):


SW1(config)# vtp pruning ! only works on VTP servers

 Enable VTP version 2 (optional):


SW1(config)# vtp version 2

Verify and troubleshoot VLANs and VTP:


 Lists information about administrative setting and operation status of interface:
SW1# show interfaces if switchport

 Lists all the trunk ports on a switch including the trunk allowed VLANs:
SW1# show interfaces trunk
 Lists information about the VLANs:
SW1# show vlan {brief | id | name | summary}

 Lists VTP configuration (mode, domain-name, version, etc) and revision number:
SW1# show vtp status

 Shows the VTP password:


SW1# show vtp password

STP optimization:
 Hard coding the root bridge (changing bridge priority):
SW1(config)# spanning-tree vlan 1 root primary
SW1(config)# spanning-tree vlan 1 root secondary
! Priority must be a multiply of 4096
SW1(config)# spanning-tree [vlan 1]priority 8192

 Changing the STP mode:


SW1(config)# spanning-tree mode rapid-pvst ! options: mst, pvst, rapid-pvst

 Enabling portfast and BPDU guard on an interface:


Portfast and BPDU guard are enabled only on interfaces connected to end user hosts
SW1(config-if)# spanning-tree portfast
SW1(config-if)# spanning-tree bpduguard enable

 Changing port cost:


SW1(config-if)# spanning-tree [vlan 1] cost 25

 Bundling interfaces into an etherchannel:


SW1(config-if)# channel-group 1 mode on ! options: auto, desirable, on

STP verification and troubleshooting:


 Shows detailed info about STP state:
SW1# show spanning-tree

 Shows STP info only on a specific port:


SW1# show spanning-tree interface fa0/2

 Shows STP info only for a specific VLAN:


SW1# show spanning-tree vlan 1

 Shows info about the root switch:


SW1# show spanning-tree [vlan 1] root

 Shows info about the local switch:


SW1# show spanning-tree [vlan 1] bridge

 Show the state of the etherchannels:


SW1# show etherchannel 1

 Provides informational messages about the changes in the STP topology:


SW1# debug spanning-tree events

Enabling or disabling CDP:


 Enabling CDP globally on a switch:
SW1(config)# cdp run

 Disabling CDP on a given interface:


SW1(config-if)# no cdp enable

Using CDP for network verification and troubleshooting:


 Shows global information about CDP itself:
SW1# show cdp

 Shows information about CDP on a specific interface:


SW1# show cdp interface fa0/2

 Shows information about the directly connected cisco devices including interfaces names
capabilities:
SW1# show cdp neighbors

 Shows detailed information about the neighboring cisco devices including device address
and version of IOS they run:
SW1# show cdp neighbors detail
! OR
SW1# show cdp entry *

 Shows detailed information about the specified entry only:


SW1# show cdp entry SW2

You might also like