How to configure DHCP Snooping on switch, DHCP Server on router, SVI Inter-VLAN-routing, BPDU Guard, Root-Guard, Port-fast, Dot1q and Port-channel pagp?

In this section, we are going to configure some important topics DHCP Snooping on the switch, DHCP Server on the router, SVI Inter-VLAN-routing, BPDU Guard, Root-Guard, Port-fast, Dot1q, and Port-channel pagp. I'm assuming you have already familiar with these topics if not here is a quick overview.

here is a quick overview of these lab topics: -

DHCP (Dynamic Host Configuration Protocol) servers are providing all the basic information that the client wants to operate on the network like DNS address, Default Gateway, IP addresses, and subnet. masks and many more... Read more___.

 DHCP Snooping when the DHCP server is connected to the switch. switch ports our switch has the option of trusted or untrusted. the legally reliable DHCP server can be found on a trusted port and the rest of the ports are untrusted for the DHCP server. when the DHCP server request comes from the untrusted port our switch prevents all the DHCP requests before they flood the VLAN and discard the request and also puts that untrusted port in to err disable state automatically. DHCP snooping keeps the track of the complete DHCP binding Read more___.

SVI Inter-VLAN-routing When you want to establish communication between different VLANs you will need a device that can do routing. You could use an external router with separate physical gateways or a sub-interface (router on stick) method but it’s also possible to use a multilayer switch. Read more_

Ether-channel or (link aggregation). Ether-channel is a technology that allows us to bundle multiple physical links into a single logical link. Ether-channel is used to aggregate bandwidth between multiple layer 2 / layer 3 interfaces. Read more__.

Spanning-tree BPDU Guard is one of the features that help you protect your spanning-tree topology. 

BPDU Guard prevents loops if another switch is attached to a Port-fast port. Read more__.

The root guard prevents the wrong switch from becoming the spanning tree root. If a root guard port receives a superior BPDU that might cause it to become a root port, the port is put into “root-inconsistent” Read more__.    

 Goal: -

• configure Portfast on (switch-1, 2, 3, and 4 Fa 0/5-8).
• configure Trunk on (switch-1, and 3 Fa 0/9).
• configure VLAN 10, 20 on SVI
• Configure inter-VLAN-routing between VLAN 10,20
• Configure Port channel pagp on switch-1, 2, 3 and 4
• configure Trunk on Port-channel 1,2
• configure VLAN 10,20 on switch-1,2,3 and 4.
• configure BPDUguard 
• configure router-1
• configure router-2 DHCP SERVER
• configure DHCP Snooping on switch-5
• make sure all pc can communicate with each other.

SWITCH-1(config)#interface range fastEthernet 0/5-8

SWITCH-1(config-if-range)#spanning-tree portfast

SWITCH-1(config-if-range)#end

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/5 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/7 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/8 but will only

have effect when the interface is in a non-trunking mode.

SWITCH-2(config)#interface range fastEthernet 0/5-8

SWITCH-2(config-if-range)#spanning-tree portfast 

SWITCH-2(config-if-range)#end

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/5 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/7 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/8 but will only

have effect when the interface is in a non-trunking mode.

SWITCH-3(config)#interface range fastEthernet 0/5-8

SWITCH-3(config-if-range)#spanning-tree portfast 

SWITCH-3(config-if-range)#end

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/5 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/7 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/8 but will only

have effect when the interface is in a non-trunking mode.

SWITCH-4(config)#interface range fastEthernet 0/5-8

SWITCH-4(config-if-range)#spanning-tree portfast

SWITCH-4(config-if-range)#end

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/5 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/6 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/7 but will only

have effect when the interface is in a non-trunking mode.

%Warning: portfast should only be enabled on ports connected to a single

host. Connecting hubs, concentrators, switches, bridges, etc... to this

interface  when portfast is enabled, can cause temporary bridging loops.

Use with CAUTION

%Portfast has been configured on FastEthernet0/8 but will only

have effect when the interface is in a non-trunking mode.

(Same portfast configuration on SWITCH-3)

SWITCH-1(config)#interface fastEthernet 0/9

SWITCH-1(config-if)#switchport mode trunk 

SWITCH-1(config-if)#exit

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up

SWITCH-3(config)#interface fastEthernet 0/9

SWITCH-3(config-if)#switchport mode trunk 

SWITCH-3(config-if)#exit

SVI-SWITCH(config)#vlan 10

SVI-SWITCH(config-vlan)#name digital-market

SVI-SWITCH(config-vlan)#exit

SVI-SWITCH(config)#vlan 20

SVI-SWITCH(config-vlan)#name customer-care

SVI-SWITCH(config-vlan)#exit

SVI-SWITCH(config)#ip routing

SVI-SWITCH(config)#interface vlan 10

SVI-SWITCH(config-if)#ip address 10.1.1.1 255.0.0.0

SVI-SWITCH(config-if)#no shutdown 

%LINK-5-CHANGED: Interface Vlan10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

SVI-SWITCH(config-if)#interface vlan 20 

SVI-SWITCH(config-if)#ip address 20.1.1.1 255.0.0.0

SVI-SWITCH(config-if)#exit

%LINK-5-CHANGED: Interface Vlan20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

SWITCH-1(config)#interface range fastEthernet 0/1-4

SWITCH-1(config-if-range)#channel-protocol pagp

SWITCH-1(config-if-range)#channel-group 1 mode desirable

SWITCH-1(config-if-range)#exit

Creating a port-channel interface Port-channel 1

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOW: Line protocol on Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up

SWITCH-2(config)#interface range fastEthernet 0/1-4

SWITCH-2(config-if-range)#channel-protocol pagp 

SWITCH-2(config-if-range)#channel-group 1 mode desirable

SWITCH-2(config-if-range)#exit

Creating a port-channel interface Port-channel 1

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up

%LINK-5-CHANGED: Interface Port-channel1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

SWITCH-3(config)#interface range fastEthernet 0/1-4

SWITCH-3(config-if-range)#channel-protocol pagp

SWITCH-3(config-if-range)#channel-group 2 mode desirable

SWITCH-3(config-if-range)#exit

SWITCH-3(config)#exit

Creating a port-channel interface Port-channel 2

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up

SWITCH-4(config)#interface range fastEthernet 0/1-4

SWITCH-4(config-if-range)#channel-protocol pagp 

SWITCH-4(config-if-range)#channel-group 2 mode desirable 

SWITCH-4(config-if-range)#exit

SWITCH-4(config)#exit

Creating a port-channel interface Port-channel 2

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up

%LINK-5-CHANGED: Interface Port-channel2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to up

SWITCH-1(config)#interface port-channel 1

SWITCH-1(config-if)#switchport mode trunk 

SWITCH-1(config-if)#exit

SWITCH-1(config)#exit

%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk Port-channel1 VLAN1.

%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel1 on VLAN0001. Inconsistent port type.

SWITCH-2(config)#interface port-channel 1

SWITCH-2(config-if)#switchport mode trunk 

SWITCH-2(config)#end

SWITCH-2(config-if)#ex%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel1 on VLAN0001. Port consistency restored.

%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel1 on VLAN0001. Port consistency restored.

SWITCH-3(config)#interface port-channel 2

SWITCH-3(config-if)#switchport mode trunk 

SWITCH-3(config-if)#exit

SWITCH-4(config)#interface port-channel 2

SWITCH-4(config-if)#switchport mode trunk 

SWITCH-4(config-if)#exit

SWITCH-4(config)#exit

SWITCH-1(config)#vlan 10

SWITCH-1(config-vlan)#name digital-market

SWITCH-1(config-vlan)#exit

SWITCH-1(config)#interface range fastethernet 0/5-8

SWITCH-1(config-if-range)#switchport mode access 

SWITCH-1(config-if-range)#switchport access vlan 10 

SWITCH-1(config-if-range)#exit

SWITCH-2(config)#vlan 10

SWITCH-2(config-vlan)#name digital-market

SWITCH-2(config-vlan)#exit

SWITCH-2(config)#interface range fastethernet 0/5-8

SWITCH-2(config-if-range)#switchport mode access 

SWITCH-2(config-if-range)#switchport access vlan 10 

SWITCH-2(config-if-range)#exit

SWITCH-3(config)#vlan 20

SWITCH-3(config-vlan)#name customer-care

SWITCH-3(config-vlan)#exit

SWITCH-3(config)#interface range fastethernet 0/5-8

SWITCH-3(config-if-range)#switchport mode access 

SWITCH-3(config-if-range)#switchport access vlan 20 

SWITCH-3(config-if-range)#exit

SWITCH-4(config)#vlan 20

SWITCH-4(config-vlan)#name customer-care

SWITCH-4(config-vlan)#exit

SWITCH-4(config)#interface range fastethernet 0/5-8

SWITCH-4(config-if-range)#switchport mode access 

SWITCH-4(config-if-range)#switchport access vlan 20 

SWITCH-4(config-if-range)#exit

SWITCH-1(config)#interface range fastEthernet 0/5-8

SWITCH-1(config-if-range)#spanning-tree bpduguard enable

SWITCH-1(config-if-range)#exit

SWITCH-2(config)#interface range fastEthernet 0/5-8

SWITCH-2(config-if-range)#spanning-tree bpduguard enable

SWITCH-2(config-if-range)#exit

SWITCH-3(config)#interface range fastEthernet 0/5-8

SWITCH-3(config-if-range)#spanning-tree bpduguard enable

SWITCH-3(config-if-range)#exit

SWITCH-4(config)#interface range fastEthernet 0/5-8

SWITCH-4(config-if-range)#spanning-tree bpduguard enable

SWITCH-4(config-if-range)#exit

SVI-SWITCH(config)#interface fastEthernet 0/3

SVI-SWITCH(config-if)#no switchport 

SVI-SWITCH(config-if)#ip address 1.1.1.2 255.0.0.0

SVI-SWITCH(config-if)#no shutdown

SVI-SWITCH(config-if)#exit

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

SVI-SWITCH(config)#do ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

ROUTER-ONE(config)#interface gigabitEthernet 0/0/0

ROUTER-ONE(config-if)#ip address 1.1.1.1 255.0.0.0

ROUTER-ONE(config-if)#no shutdown

ROUTER-ONE(config-if)#exit

ROUTER-TWO(config)#interface gigabitEthernet 0/0/0

ROUTER-TWO(config-if)#ip address 192.168.1.1 255.255.255.0

ROUTER-TWO(config-if)#no shutdown

ROUTER-TWO(config-if)#exit

ROUTER-TWO(config)#ip dhcp pool server

ROUTER-TWO(dhcp-config)#network 192.168.1.0 255.255.255.0

ROUTER-TWO(dhcp-config)#default-router 192.168.1.1

ROUTER-TWO(dhcp-config)#dns-server 192.168.1.80

ROUTER-TWO(dhcp-config)#exit

ROUTER-TWO(config)#ip dhcp excluded-address 192.168.1.1

ROUTER-TWO(config)#ip dhcp excluded-address 192.168.1.80

ROUTER-TWO(config)#exit

ROUTER-TWO(config)#interface gigabitEthernet 0/0/1

ROUTER-TWO(config-if)#ip address 2.2.2.2 255.0.0.0

ROUTER-TWO(config-if)#no shutdown 

ROUTER-TWO(config-if)#exit

%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up

SWITCH-5(config)#ip dhcp snooping 

SWITCH-5(config)#ip dhcp snooping  vlan 1

SWITCH-5(config)#interface fastethernet 0/1

SWITCH-5(config-if)#ip dhcp snooping trust

SWITCH-5(config-if)#exit

ROUTER-TWO(config)#ip dhcp relay information trust-all

ROUTER-TWO(config)#exit

ROUTER-ONE(config)#interface gigabitEthernet 0/0/1

ROUTER-ONE(config-if)#ip address 2.2.2.1 255.0.0.0

ROUTER-ONE(config-if)#no shutdown 

ROUTER-ONE(config-if)#exit

ROUTER-TWO(config)#router eigrp 1

ROUTER-TWO(config-router)#network 192.168.1.0

ROUTER-TWO(config-router)#network 2.0.0.0

ROUTER-TWO(config-router)#no auto-summary 

ROUTER-TWO(config-router)#exit

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 2.2.2.1 (GigabitEthernet0/0/1) is up: new adjacency

ROUTER-ONE(config)# router eigrp 1

ROUTER-ONE(config-router)#network 2.0.0.0

ROUTER-ONE(config-router)#network 192.168.100.0

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 192.168.100.2 (GigabitEthernet0/0/0) is up: new adjacency

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 2.2.2.2 (GigabitEthernet0/0/1) is up: new adjacency

ROUTER-ONE(config-router)#no auto-summary 

ROUTER-ONE(config-router)#exit

SVI-SWITCH(config)#router eigrp 1

SVI-SWITCH(config-router)#network 192.168.100.0

SVI-SWITCH(config-router)#network 10.0.0.0

SVI-SWITCH(config-router)#network 20.0.0.0

SVI-SWITCH(config-router)#no auto-summary 

SVI-SWITCH(config-router)#exit

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 192.168.100.1 (FastEthernet0/3) is up: new adjacency

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 192.168.100.1 (FastEthernet0/3) resync: summary configured             

now we try to ping from PC- 10.1.1.2 to 192.168.1.30 (DHCP)