@nsw_r K_y https://]ll1.]is]o.

]om/]ont_nt/xtr[]/5

Cli]k h_r_ to print this p[g_

Ch[ll_ng_ 2: S_]on^ Trou\l_shooting [t SECHNIK N_tworking Lt^.

@nsw_r K_y
St_p 1 - Fix PC1 ]onn_]tivity issu_s to th_ Int_rn_t s_rv_r [t 209.165.201.225.

Th_ pro\l_m li_s on R1, whi]h h[s [ rout_ for 209.165.201.0/24 n_tworks th[t points ^own \[]k to DSW1.

To fix th_ issu_, us_ th_ following ]omm[n^:

R1(config)# no ip route 209.165.201.0 255.255.255.0 172.16.100.2

St_p 2 - Fix PC2 SSH ]onn_]tivity issu_s to th_ s_rv_r [t 172.16.200.10.

Th_ issu_ is on R1. Th_ []]_ss list is [ppli_^ in th_ wrong ^ir_]tion. @lso, sour]_ [n^ ^_stin[tion IP r[ng_s
[r_ sw[pp_^.

To fix th_ issu_, you'll n__^ to sw[p th_ sour]_ [n^ ^_stin[tion in th_ []]_ss list [n^ ]h[ng_ th_ ^ir_]tion
to "in" on Eth_rn_t 0/0.

R1(config)# ip access-list extended 111

R1(config-ext-nacl)# no 10
R1(config-ext-nacl)# permit tcp host 172.16.200.10 192.168.0.0 0.0.255.255 established
R1(config-ext-nacl)# exit
R1(conifg)# interface ethernet 0/0
R1(config-if)# no ip access-group 111 out
R1(config-if)# ip access-group 111 in

St_p 3 - Fix th_ port-s_]urity ]onfigur[tion on @SW1 [n^ @SW2.

Port s_]urity is [ppli_^ on th_ trunk link to DSW1.

R_mov_ th_ port s_]urity ]onfigur[tion on th_ @SW2 trunk link [n^ r_]ov_r th_ int_rf[]_ from th_ _rror-
^is[\l_^ mo^_.

ASW2(config)# interface ethernet 0/0

ASW2(config-if)# no switchport port-security
ASW2(config-if)# no switchport port-security mac-address 0000.0000.1111
ASW2(config-if)# shutdown
ASW2(config-if)# no shutdown
ASW2(config-if)# end

Configur_ port s_]urity on th_ @SW2 int_rf[]_s th[t PC3 [n^ PC4 ]onn_]t to.

ASW2# show mac address-table

Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

1 of 2 10/31/2017, 11:38 @M
@nsw_r K_y https://]ll1.]is]o.]om/]ont_nt/xtr[]/5

10 aabb.cc00.6200 DYNAMIC Et0/1

20 aabb.cc00.a500 DYNAMIC Et0/2
ASW2# configure terminal
ASW2(config)# interface ethernet 0/1
ASW2(config-if)# switchport port-security mac-address aabb.cc00.6200
ASW2(config-if)# switchport port-security
ASW2(config-if)# exit
ASW2(config)# interface ethernet 0/2
ASW2(config-if)# switchport port-security mac-address aabb.cc00.a500
ASW2(config-if)# switchport port-security

NOTE: Th_ PC M@C [^^r_ss_s in your l[\ m[y \_ ^iff_r_nt.

Wh_n you ]onfigur_ port-s_]urity prop_rly, PC4 [lso o\t[ins its IP [^^r_ss vi[ DHCP. To for]_ PC4 to
[]quir_ [n IPv4 [^^r_ss vi[ DHCP, issu_ th_ shut^own ]omm[n^ [n^ th_n th_ no shut^own ]omm[n^ on its
Eth_rn_t 0/0 int_rf[]_.

Simil[rly, ]onfigur_ port s_]urity on @SW1.

ASW1# show mac address-table

Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----
10 aabb.cc00.c800 DYNAMIC Et0/1
10 aabb.cc00.ca00 DYNAMIC Et0/0
10 aabb.cc80.ce00 DYNAMIC Et0/0
20 aabb.cc00.c900 DYNAMIC Et0/2
20 aabb.cc00.cb00 DYNAMIC Et0/0
20 aabb.cc80.ce00 DYNAMIC Et0/0
1 aabb.cc00.ce10 DYNAMIC Et0/0
Total Mac Addresses for this criterion: 7
ASW1# configure terminal
ASW1(config)# interface ethernet 0/1
ASW1(config-if)# switchport port-security mac-address aabb.cc00.c800
ASW1(config-if)# switchport port-security
ASW1(config-if)# exit
ASW1(config)# interface ethernet 0/2
ASW1(config-if)# switchport port-security mac-address aabb.cc00.c900
ASW1(config-if)# switchport port-security

© 2014 Cis]o Syst_ms, In].

2 of 2 10/31/2017, 11:38 @M