**********************************************************************
Lab 1 - Configuring R1 as a DHCP Server for 192.168.100.0/24 Network
**********************************************************************

----- R1 -----

ip dhcp excluded-address 192.168.100.1 192.168.100.50
!
ip dhcp pool POOL-A
 network 192.168.100.0 /24
 default-router 192.168.100.1
 dns-server 192.168.100.2

**********************************************************************
Lab 2 - Configuring R1 as a DHCP Server for 192.168.200.0/24 Network
**********************************************************************

----- R1 -----

ip dhcp excluded-address 192.168.200.1 192.168.200.50
!
ip dhcp pool POOL-B
 network 192.168.200.0 /24
 default-router 192.168.200.3
 dns-server 192.168.100.2

---- R3 ----

Interface E0/1
 ip helper-address 192.168.100.1
!
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 69
no ip forward-protocol udp 137
no ip forward-protocol udp 138

**********************************************************************
Lab 3 - Configuring IP DHCP Snooping on VLAN 100
**********************************************************************

----- SW1 -----

ip dhcp snooping
ip dhcp snooping vlan 100
!
Interface E0/0
 Description Authorized DHCP Server
 ip dhcp snooping trust
!
Interface E0/3
 Description Connected towards the Relay Agent
 ip dhcp snooping trust
!
no ip dhcp snooping information option

**********************************************************************
Lab 4 - Configuring ARP Inspection
**********************************************************************

----- SW1 -----

ip source binding AABB.CC00.0110 vlan 100 192.168.100.1 interface Et0/0
ip source binding AABB.CC00.0210 vlan 100 192.168.100.2 interface Et0/2
ip source binding AABB.CC00.0300 vlan 100 192.168.100.3 interface Et0/3
!
ip arp inspection vlan 100
!
Interface E0/0
 Description Authorized DHCP Server
 ip arp inspection trust

**********************************************************************
Lab 5 - Configuring Port Security
**********************************************************************

----- SW1 -----

Interface E0/0
 switchport port-security mac AABB.CC00.0110
 switchport port-security
!
Interface E0/2
 switchport port-security mac sticky
 switchport port-security
!
Interface E0/3
 switchport port-security mac sticky
 switchport port-security max 2
 switchport port-security
!
errdisable recovery cause psecure-violation
errdisable recovery interval 180

**********************************************************************
Lab 6 - Configuring Source Guard
**********************************************************************

----- SW1 -----

-> Make sure you have an entry in the Source binding database (Manual or DHCP Snooping)

Interface E1/0
 ip verify source

**********************************************************************
Lab 7 - Configuring VLAN ACLs
**********************************************************************

-> Block Ping and TFTP in VLAN 100

----- SW1 -----

! 1. Classify the traffic
access-list 111 permit icmp any any
access-list 111 permit udp any any eq 69
! 2. Specify the Action in the VLAN ACL
vlan access-map ABC 10
 match ip address 111
 action drop
vlan access-map ABC 20
 action forward
! 3. Apply the VLAN ACL to the appropriate VLAN
vlan filter ABC vlan-list 100

**********************************************************************
Lab 8 - Configuring Log messages to be sent to a Syslog Server
**********************************************************************

----- R1 -----

logging host 192.168.100.51
!
service timestamps log datetime

**********************************************************************
Lab 9 - Configuring Anti-Spoofing ACL on R1
**********************************************************************

----- R1 -----

access-list 125 permit ip 192.168.10.0 0.0.0.255 any
access-list 125 deny ip 10.0.0.0 0.255.255.255 any
access-list 125 deny ip 172.16.0.0 0.15.255.255 any
access-list 125 deny ip 192.168.0.0 0.0.255.255 any
access-list 125 permit ip any any
!
Interface E0/0
 ip access-group 125 in

**********************************************************************
Lab 10 - Configuring uRPF
**********************************************************************

++++++++++++++++ Base ++++++++++++++++

----- R1 -----

Interface Gig0/0
 ip address 192.1.12.1 255.255.255.0
 bandwidth 10
 no shut
!
Interface Gig0/1
 ip address 192.1.13.1 255.255.255.0
 bandwidth 10
 no shut
!
Interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
router eigrp 123
 network 192.1.12.0
 network 192.1.13.0
 network 1.0.0.0

----- R2 -----

Interface Gig0/0
 ip address 192.1.12.2 255.255.255.0
 bandwidth 10
 no shut
!
Interface Gig0/1
 ip address 192.1.24.2 255.255.255.0
 no shut
!
Interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
router eigrp 123
 network 192.1.12.0
 network 192.1.24.0
 network 2.0.0.0
!
ip route 0.0.0.0 0.0.0.0 192.1.12.1

----- R3 -----

Interface Gig0/0
 ip address 192.1.13.3 255.255.255.0
 bandwidth 10
 no shut
!
Interface Gig0/1
 ip address 192.1.34.3 255.255.255.0
 no shut
!
Interface Loopback0
 ip address 3.3.3.3 255.0.0.0
!
router eigrp 123
 network 192.1.13.0
 network 192.1.34.0
 network 3.0.0.0
!
ip route 0.0.0.0 0.0.0.0 192.1.13.1

----- R4 -----

Interface Gig0/0
 ip address 192.1.24.4 255.255.255.0
 no shut
!
Interface Gig0/1
 ip address 192.1.34.4 255.255.255.0
 no shut
!
Interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
router eigrp 123
 network 192.1.24.0
 network 192.1.34.0
 network 4.0.0.0

++++++++++++++++ uRPF ++++++++++++++++

----- R2 -----

Interface Gig0/0
 ip verify unicast source reachable-via rx allow-default

----- R3 -----

Interface Gig0/0
 ip verify unicast source reachable-via rx allow-default

**********************************************************************
Lab 11 - Configuring NTP
**********************************************************************

----- R1 -----

clock timezone GST 4
!
do clock set 23:40:00 7 oct 2023
ntp master 2
!
ntp authenticate
ntp authentication-key 123 md5 Cisco123
ntp trusted-key 123

----- R2 -----

clock timezone IST 5 30
!
ntp authenticate
ntp authentication-key 123 md5 Cisco123
ntp trusted-key 123
ntp server 1.1.1.1 key 123

----- R3 -----

clock timezone TST 7
!
ntp authenticate
ntp authentication-key 123 md5 Cisco123
ntp trusted-key 123
ntp server 1.1.1.1 key 123

----- R4 -----

clock timezone SST 7
!
ntp authenticate
ntp authentication-key 123 md5 Cisco123
ntp trusted-key 123
ntp server 1.1.1.1 key 123
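
-> Added example, not part of the original lab notes: a small Python model of how IOS evaluates ACL 125 from Lab 9 (first match wins, wildcard-mask matching), plus a check for entries that an earlier entry shadows. The function names, the REORDERED list and the sample source addresses are constructed for this illustration.

```python
import ipaddress

# ACL 125 from Lab 9, in configured order: (action, address, wildcard mask).
ACL_125 = [
    ("permit", "192.168.10.0", "0.0.0.255"),
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit ip any any"
]
# Hypothetical variant: the 192.168.10.0 permit moved below the 192.168.0.0 deny.
REORDERED = ACL_125[1:4] + [ACL_125[0]] + ACL_125[4:]

def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(src, address, wildcard):
    """IOS wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(src) & care) == (_as_int(address) & care)

def evaluate(acl, src):
    """Return (action, entry_number) for the first entry matching src."""
    for number, (action, address, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, address, wildcard):
            return action, number
    return "deny", None  # implicit deny that ends every ACL

def shadowed_entries(acl):
    """Entry numbers fully covered by one earlier entry, so never hit."""
    found = []
    for i, (_, addr, wc) in enumerate(acl):
        for _, p_addr, p_wc in acl[:i]:
            p_care = ~_as_int(p_wc) & 0xFFFFFFFF
            # Covered when the earlier entry only checks bits this entry
            # also fixes, and both agree on those bits.
            if (_as_int(wc) & p_care) == 0 and \
               (_as_int(addr) & p_care) == (_as_int(p_addr) & p_care):
                found.append(i + 1)
                break
    return found

if __name__ == "__main__":
    # Constructed source addresses arriving inbound on E0/0.
    for src in ("192.168.10.25", "192.168.100.7", "10.9.8.7",
                "172.31.255.255", "172.32.0.1"):
        print(src, evaluate(ACL_125, src))
    print("shadowed in REORDERED:", shadowed_entries(REORDERED))
```
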