Switch(Cisco) Port Security
SwitchA(config)# int fa 0/1
SwitchA(config-if)# switchport port-security
SwitchA(config-if)# switchport port-security maximum 2 [2 mac allowed]
SwitchA(config-if)# switchport port-security mac-address sticky
SwitchA(config)# int fa 0/1
SwitchA(config-if)# switchport mode access
SwitchA(config-if)# switchport port-security
SwitchA(config-if)# switchport port-security maximum 2 [2 mac allowed]
SwitchA(config-if)# switchport port-security violation {protect | restrict | shutdown} [pick one: protect drops silently, restrict drops and logs, shutdown err-disables the port]
SwitchA(config-if)# switchport port-security mac-address mac-address [statically allowed mac address]
SwitchA(config-if)# switchport port-security mac-address sticky [learned mac addresses are added to the running-config; save the config to keep them after a reload]
DHCP Snooping
SwitchA(config)# ip dhcp snooping
SwitchA(config)# ip dhcp snooping vlan 10
SwitchA(config)# ip dhcp snooping database flash:DHCP.txt
SwitchA(config)# int fa 0/1
SwitchA(config-if)#ip dhcp snooping trust [dhcp server interface]
IP Source Guard
SwitchA(config)# int f0/1
SwitchA(config-if)# switchport mode access
SwitchA(config-if)# switchport access vlan 10
SwitchA(config-if)# switchport port-security
SwitchA(config-if)# ip verify source port-security
SwitchA(config)# ip source binding 0000.0000.1111 vlan 10 192.168.1.2 int f0/1
SwitchA(config)# ip dhcp snooping
SwitchA(config)# ip dhcp snooping vlan 10
Dynamic ARP Inspection
SwitchA(config)# arp access-list ARP_VLAN10
SwitchA(config-arp-nacl)# permit ip host 192.168.1.2 mac host 0018.73c3.0b20 log [Router IP]
SwitchA(config-arp-nacl)# permit ip host 192.168.1.10 mac host 0019.73c3.0b21 log [PC IP]
SwitchA(config)# ip dhcp snooping
SwitchA(config)# ip dhcp snooping vlan 10
SwitchA(config)# ip arp inspection vlan 10
SwitchA(config)# ip arp inspection filter ARP_VLAN10 vlan 10
SwitchA(config)# int f0/5 [connected pc 192.168.1.10]
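SwitchA(config-if)# ip arp inspection trust [a trusted port bypasses ARP inspection, so the ARP_VLAN10 filter is not applied to it; leave a host port untrusted if its ARP traffic should be checked]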
Broadcast storms
SwitchA(config-if)# storm-control broadcast level 75 60 [rising threshold 75%, falling threshold 60% of port bandwidth]
SwitchA(config-if)# storm-control multicast level pps 1000 500
SwitchA(config-if)# storm-control action shutdown
SwitchA(config)#ip dhcp snooping
SwitchA(config)#no ip dhcp snooping information option [do not insert DHCP option 82]
SwitchA(config)#ip dhcp snooping vlan 1
Configuration for the port connected to the valid DHCP server
SwitchA(config)#interface fa0/2
SwitchA(config-if)#ip dhcp snooping trust
Configuration for a port connected to a valid client PC
SwitchA(config)#interface fa0/1
SwitchA(config-if)#ip dhcp snooping limit rate 10 [max DHCP packets per second on this untrusted port]
SwitchA(config)#interface fa0/1
SwitchA(config-if)#ip arp inspection limit rate 10
SwitchA(config)#no cdp run
SwitchA(config)#interface fa0/1
SwitchA(config-if)#no cdp enable
Vlan ACL
SwitchA(config)# vlan access-map CCIE 10
SwitchA(config-access-map)# match ip address 101 [ACL 101 selects the traffic to drop; it must be defined separately]
SwitchA(config-access-map)# action drop
SwitchA(config)# vlan access-map CCIE 20
SwitchA(config-access-map)# action forward
Switch(config)# vlan filter CCIE vlan-list 10