Configure and Verify Switch Security Features

Introduction

Welcome to the Configure and Verify Switch Security Features Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

• Exercise 1 - ARP Inspection, DHCP Snooping, and IP Source Guard
• Exercise 2 - Private VLANs (PVLANs)

After completing this lab, you will be able to:

• Configure access to the ARP process on trusted links
• Enable ARP inspection
• Configure DHCP and examine functionality
• Examine and understand the behavior of IP source guard
• Configure IP source guard
• Implement a private LAN
• Examine and understand the function of private VLANs

Exam Objectives

The following exam objectives are covered in this lab:

• N10-007 1.1: Explain the purposes and uses of ports and protocols (Protocols and ports, DHCP 67, 68)
• N10-007 1.3: Explain the concepts and characteristics of routing and switching (Segmentation and interface properties, ARP table)
• N10-007 1.4: Given a scenario, configure the appropriate IP addressing components (Address assignments, DHCP)
• N10-007 4.4: Summarize common networking attacks (ARP poisoning)
• N10-007 4.6: Explain common mitigation techniques and their purposes (Switch port protection, DHCP snooping)
• N10-007 5.2: Given a scenario, use the appropriate tool (Software tools, Command line, arp)
• N10-007 5.5: Given a scenario, troubleshoot common network service issues (Rogue DHCP server)

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - ARP Inspection, DHCP Snooping, and IP Source Guard

Dynamic ARP inspection is a security feature that rejects invalid and malicious ARP packets. In this section, you will enable dynamic ARP inspection on NYCORE1.

In this exercise, you will learn how to configure Dynamic ARP inspection, DHCP snooping and IP Source guard.

Learning Outcomes

After completing this exercise, you will be able to:

• Configure access to the ARP process on trusted links
• Enable ARP inspection
• Configure DHCP and examine functionality
• Examine and understand the behavior of IP source guard
• Configure IP source guard

Exercise 2 - Private VLANs (PVLANs)

The use of Private VLANs is a technique where a VLAN contains ports that are restricted such that they can only communicate with other specific ports. These restricted ports are called private ports. In this exercise, you will learn how to configure private VLANs

Learning Outcomes

After completing this exercise, you will be able to:

• Implement a private LAN
• Examine and understand private VLANs