Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:03,698 --> 00:00:07,089
This is a free, complete course for the CCNA.
2
00:00:07,089 --> 00:00:10,949
If you like these videos, please subscribe\n
3
00:00:10,949 --> 00:00:15,369
Also, please like and leave a comment, and\n
4
00:00:18,440 --> 00:00:24,439
If you want more labs like this, I highly\n
5
00:00:24,439 --> 00:00:28,948
NetSim is a network simulator like Packet\n
6
00:00:28,949 --> 00:00:34,050
over 100 detailed guided labs covering the\nCCNA exam topics.
7
00:00:34,049 --> 00:00:38,359
If you want to get NetSim, follow the link\nin the description.
8
00:00:38,359 --> 00:00:42,439
In this lab we’ll practice some of the dynamic\n
9
00:00:44,289 --> 00:00:49,229
Unfortunately, packet tracer doesn’t support\n
10
00:00:51,359 --> 00:00:57,829
Before that, we’ll configure R1 as a DHCP\n
11
00:00:59,509 --> 00:01:06,500
So, let’s get right into step 1 and configure\n
12
00:01:07,849 --> 00:01:12,869
CONF T. First, I’ll configure the range\n
13
00:01:12,870 --> 00:01:20,750
separately from \nthe DHCP pool.
14
00:01:20,750 --> 00:01:23,870
IP DHCP EXCLUDED-ADDRESS 192.168.1.1 192.168.1.9.
15
00:01:31,728 --> 00:01:38,019
NETWORK 192.168.1.0 255.255.255.0.
16
00:01:38,019 --> 00:01:42,158
And then I’ll configure R1 as the default\ngateway.
17
00:01:43,780 --> 00:01:48,368
Okay, that’s all I’ll configure on R1.
18
00:01:48,368 --> 00:01:53,688
Next up, I’ll configure DHCP snooping on\nSW1 and SW2.
19
00:01:53,688 --> 00:01:59,908
I don’t specify the exact settings you should\n
20
00:01:59,909 --> 00:02:03,460
Enable it, and configure the appropriate trusted\nports.
21
00:02:11,090 --> 00:02:15,360
That command enables it globally, but it also\n
22
00:02:19,469 --> 00:02:22,219
And then I’ll remove option 82.
23
00:02:22,219 --> 00:02:25,800
NO IP DHCP SNOOPING INFORMATION OPTION.
24
00:02:25,800 --> 00:02:31,140
Finally, I’ll configure G0/2 as a trusted\nport.
25
00:02:36,699 --> 00:02:42,859
Now, as for G0/1 it could be either trusted\nor untrusted.
26
00:02:42,860 --> 00:02:47,340
Untrusted is more secure since it could catch\n
27
00:02:47,340 --> 00:02:51,520
past SW2, perhaps due to a misconfiguration.
28
00:02:51,520 --> 00:02:54,350
But it also takes more processing power on\nSW1.
29
00:02:54,349 --> 00:02:59,969
I’ll leave it as untrusted as I recommended\n
30
00:03:14,449 --> 00:03:18,669
NO IP DHCP SNOOPING INFORMATION OPTION.
31
00:03:21,620 --> 00:03:25,650
INTERFACE G0/1 IP DHCP SNOOPING TRUST.
32
00:03:26,800 --> 00:03:29,920
Okay that’s all for DHCP snooping.
33
00:03:29,919 --> 00:03:34,679
Since I’m on SW2, I’ll configure DAI here\nfirst.
34
00:03:39,900 --> 00:03:45,689
Now, the instructions say to enable all additional\n
35
00:03:45,689 --> 00:03:51,280
IP ARP INSPECTION VALIDATE, and let me check\nthe options.
36
00:03:51,280 --> 00:03:55,580
As I demonstrated in the lecture video, to\n
37
00:03:55,580 --> 00:04:00,010
them in a single command, although the order\ndoesn’t matter.
38
00:04:03,110 --> 00:04:07,250
Okay, I’ll confirm in the running config\nlater.
39
00:04:07,250 --> 00:04:12,729
Now I’ll trust SW2’s G0/1 interface since\nit’s connected to SW1.
40
00:04:18,279 --> 00:04:22,829
Okay that’s all, so I’ll use END to return\n
41
00:04:27,410 --> 00:04:33,660
Right here at the top, we can see the DAI\n
42
00:04:33,660 --> 00:04:40,060
And if I look down at G0/1, it is trusted\n
43
00:04:40,060 --> 00:04:42,949
Now let’s check a DAI show command.
44
00:04:42,949 --> 00:04:45,629
SHOW IP ARP INSPECTION INTERFACES.
45
00:04:45,629 --> 00:04:51,939
Okay, notice that all interfaces are untrusted\n
46
00:04:53,209 --> 00:04:55,849
However, there is a difference here.
47
00:04:55,850 --> 00:05:00,350
Rate limiting is enabled at 15 packets per\n
48
00:05:02,360 --> 00:05:05,710
This is different than what I showed in the\nlecture video.
49
00:05:05,709 --> 00:05:10,310
According to Cisco’s documentation, as well\n
50
00:05:10,310 --> 00:05:15,350
I tested it on, rate limiting should not be\n
51
00:05:15,350 --> 00:05:20,750
So, I’m not sure if this is an error in\n
52
00:05:22,560 --> 00:05:27,280
But as I said, Cisco documentation states\n
53
00:05:27,279 --> 00:05:32,699
on trusted ports, and my own testing on multiple\n
54
00:05:32,699 --> 00:05:34,629
this is an error in packet tracer.
55
00:05:36,990 --> 00:05:40,480
I’ll do the same DAI configurations.
56
00:05:43,920 --> 00:05:50,960
IP ARP INSPECTION VALIDATE DST-MAC, IP, SRC-MAC.
57
00:05:50,959 --> 00:05:57,289
In SW1’s case, I’ll configure both G0/1\n
58
00:06:06,459 --> 00:06:13,029
There’s the DAI and DHCP snooping configs,\n
59
00:06:13,029 --> 00:06:20,359
Notice G0/2 is trusted for both DAI and DHCP\n
60
00:06:20,360 --> 00:06:24,920
That’s just how I set up the network, but\n
61
00:06:24,920 --> 00:06:30,449
The most important thing is to make sure that\n
62
00:06:30,449 --> 00:06:36,521
is trusted for both DAI and DHCP snooping,\n
63
00:06:38,300 --> 00:06:45,210
Finally, let’s see if the PCs can successfully\n
64
00:06:46,230 --> 00:06:53,840
So, I’ll go into PC1 and change this gateway\n
65
00:06:53,839 --> 00:06:59,629
automatically change the FastEthernet0 setting\n
66
00:07:11,399 --> 00:07:14,989
Now I’ll go into the CLI of PC1.
67
00:07:14,990 --> 00:07:20,800
And here we can see its IP address, so it\n
68
00:07:21,800 --> 00:07:24,329
Let’s see if it’s allowed to ping.
69
00:07:24,329 --> 00:07:26,979
If not, there is likely a problem with DAI.
70
00:07:35,589 --> 00:07:43,229
So, in this lab we configured DHCP, DHCP snooping,\n
71
00:07:43,230 --> 00:07:48,259
As I said at the beginning, unfortunately\n
72
00:07:48,259 --> 00:07:49,889
but you can still practice the basics.
73
00:07:52,199 --> 00:08:03,780
Now let’s take a look at a lab in Boson\n
5905
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.