5.0 Security Fundamentals

5.7 Layer 2 security features in IOS devices

3. DHCP Snooping:

kotlinCopy code
ip dhcp snooping
ip dhcp snooping vlan 1-100
interface FastEthernet0/1
 ip dhcp snooping trust

Each of the above commands are explained below:

ip dhcp snooping: Enables DHCP snooping globally on the switch.
ip dhcp snooping vlan 1-100: Specifies the VLANs on which DHCP snooping is enabled.
interface FastEthernet0/1 ip dhcp snooping trust: Specifies that DHCP packets on this interface are trusted, and are not subject to DHCP snooping.

4. IP Source Guard:

kotlinCopy code
interface FastEthernet0/1
 ip verify source

interface FastEthernet0/1 ip verify source: Enables IP source guard on the interface. This feature verifies the source IP address of incoming packets and discards any that do not match a valid IP-MAC address binding.

5. Storm Control:

kotlinCopy code
interface FastEthernet0/1
 storm-control broadcast level pps 100
 storm-control multicast level pps 100
 storm-control action trap

interface FastEthernet0/1 storm-control broadcast level pps 100: Specifies that the storm control threshold for broadcast packets is 100 packets per second.
interface FastEthernet0/1 storm-control multicast level pps 100: Specifies that the storm control threshold for multicast packets is 100 packets per second.
interface FastEthernet0/1 storm-control action trap: Specifies that the switch should send a SNMP trap to a network management system when a storm is detected.

6. BPDU Guard:

interface FastEthernet0/1
 spanning-tree bpduguard enable

interface FastEthernet0/1 spanning-tree bpduguard enable: Enables BPDU guard on the interface. This feature prevents unauthorized switches from being connected to the network and potentially disrupting the Spanning Tree Protocol (STP) topology.

Note that the specific configuration will depend on the specific requirements of the network, such as the level of security desired and the types of threats that are being targeted. These examples are meant to serve as a starting point and may need to be modified based on the specific requirements of the network. Additionally, these are general configuration examples and may vary depending on the specific IOS version and hardware platform being used.