Basic VLAN Security
Fig 1: Basic VLAN Security
! Local privileged account; the console line authenticates against it
Networkeducative-Switch# configure terminal
Networkeducative-Switch(config)# username admin privilege 15 secret *Networkeducative*
Networkeducative-Switch(config)# line console 0
Networkeducative-Switch(config-line)# login local
Networkeducative-Switch(config-line)# password cisco
Networkeducative-Switch(config-line)# exec-timeout 60 0
! VTY lines: local login, 60-minute idle timeout, inbound access filtered by ACL 115
Networkeducative-Switch(config)# line vty 0 15
Networkeducative-Switch(config-line)# password cisco
Networkeducative-Switch(config-line)# login local
Networkeducative-Switch(config-line)# exec-timeout 60 0
Networkeducative-Switch(config-line)# transport preferred ssh
Networkeducative-Switch(config-line)# access-class 115 in
! ACL 115: source addresses permitted to reach the VTY lines
Networkeducative-Switch(config)# access-list 115 remark -=[Restrict VTY Access]=-
Networkeducative-Switch(config)# access-list 115 permit ip host 74.200.84.4 any
Networkeducative-Switch(config)# access-list 115 permit ip host 69.65.126.42 any
Networkeducative-Switch(config)# access-list 115 permit ip 192.168.50.0 0.0.0.255 any
Networkeducative-Switch(config)# access-list 115 remark
! Fa0/24: remove VLANs 1-5, 7 and 8 from the trunk allowed list; access VLAN is 6
Networkeducative-Switch(config)# interface fastethernet0/24
Networkeducative-Switch(config-if)# switchport trunk allowed vlan remove 1,2,3,4,5,7,8
Networkeducative-Switch(config-if)# switchport access vlan 6
! Fa0/24: disable CDP and UDLD, enable PortFast with BPDU Guard and Root Guard
Networkeducative-Switch(config)# interface fastethernet0/24
Networkeducative-Switch(config-if)# no cdp enable
Networkeducative-Switch(config-if)# no udld port
Networkeducative-Switch(config-if)# spanning-tree portfast
Networkeducative-Switch(config-if)# spanning-tree bpduguard enable
Networkeducative-Switch(config-if)# spanning-tree guard root
! Core switch: VTP version 2 server for domain Networkeducative, with a VTP password and pruning
CoreNetworkeducative-Switch(config)# vtp domain Networkeducative
CoreNetworkeducative-Switch(config)# vtp password fedmag secret
CoreNetworkeducative-Switch(config)# vtp mode server
CoreNetworkeducative-Switch(config)# vtp version 2
CoreNetworkeducative-Switch(config)# vtp pruning