Configure and Verify Switch Security Features
Welcome to the Configure and Verify Switch Security Features Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Introduction
Welcome to the Configure and Verify Switch Security Features Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.
Learning Outcomes
In this module, you will complete the following exercises:
- Exercise 1 - ARP Inspection, DHCP Snooping, and IP Source Guard
- Exercise 2 - Private VLANs (PVLANs)
After completing this lab, you will be able to:
- Configure access to the ARP process on trusted links
- Enable ARP inspection
- Configure DHCP and examine functionality
- Examine and understand the behavior of IP source guard
- Configure IP source guard
- Implement a private LAN
- Examine and understand the function of private VLANs
Exam Objectives
The following exam objectives are covered in this lab:
- N10-007 1.1: Explain the purposes and uses of ports and protocols (Protocols and ports, DHCP 67, 68)
- N10-007 1.3: Explain the concepts and characteristics of routing and switching (Segmentation and interface properties, ARP table)
- N10-007 1.4: Given a scenario, configure the appropriate IP addressing components (Address assignments, DHCP)
- N10-007 4.4: Summarize common networking attacks (ARP poisoning)
- N10-007 4.6: Explain common mitigation techniques and their purposes (Switch port protection, DHCP snooping)
- N10-007 5.2: Given a scenario, use the appropriate tool (Software tools, Command line, arp)
- N10-007 5.5: Given a scenario, troubleshoot common network service issues (Rogue DHCP server)
Lab Duration
It will take approximately 1 hour to complete this lab.
Exercise 1 - ARP Inspection, DHCP Snooping, and IP Source Guard
Dynamic ARP inspection is a security feature that rejects invalid and malicious ARP packets. In this section, you will enable dynamic ARP inspection on NYCORE1.
In this exercise, you will learn how to configure Dynamic ARP inspection, DHCP snooping and IP Source guard.
Learning Outcomes
After completing this exercise, you will be able to:
- Configure access to the ARP process on trusted links
- Enable ARP inspection
- Configure DHCP and examine functionality
- Examine and understand the behavior of IP source guard
- Configure IP source guard
Exercise 2 - Private VLANs (PVLANs)
The use of Private VLANs is a technique where a VLAN contains ports that are restricted such that they can only communicate with other specific ports. These restricted ports are called private ports. In this exercise, you will learn how to configure private VLANs
Learning Outcomes
After completing this exercise, you will be able to:
- Implement a private LAN
- Examine and understand private VLANs
See the full benefits of our immersive learning experience with interactive courses and guided career paths.