Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:03,698 --> 00:00:07,089 This is a free, complete course for the CCNA. 2 00:00:07,089 --> 00:00:10,949 If you like these videos, please subscribe\n 3 00:00:10,949 --> 00:00:15,369 Also, please like and leave a comment, and\n 4 00:00:18,440 --> 00:00:24,439 If you want more labs like this, I highly\n 5 00:00:24,439 --> 00:00:28,948 NetSim is a network simulator like Packet\n 6 00:00:28,949 --> 00:00:34,050 over 100 detailed guided labs covering the\nCCNA exam topics. 7 00:00:34,049 --> 00:00:38,359 If you want to get NetSim, follow the link\nin the description. 8 00:00:38,359 --> 00:00:42,439 In this lab we’ll practice some of the dynamic\n 9 00:00:44,289 --> 00:00:49,229 Unfortunately, packet tracer doesn’t support\n 10 00:00:51,359 --> 00:00:57,829 Before that, we’ll configure R1 as a DHCP\n 11 00:00:59,509 --> 00:01:06,500 So, let’s get right into step 1 and configure\n 12 00:01:07,849 --> 00:01:12,869 CONF T. First, I’ll configure the range\n 13 00:01:12,870 --> 00:01:20,750 separately from \nthe DHCP pool. 14 00:01:20,750 --> 00:01:23,870 IP DHCP EXCLUDED-ADDRESS 192.168.1.1 192.168.1.9. 15 00:01:31,728 --> 00:01:38,019 NETWORK 192.168.1.0 255.255.255.0. 16 00:01:38,019 --> 00:01:42,158 And then I’ll configure R1 as the default\ngateway. 17 00:01:43,780 --> 00:01:48,368 Okay, that’s all I’ll configure on R1. 18 00:01:48,368 --> 00:01:53,688 Next up, I’ll configure DHCP snooping on\nSW1 and SW2. 19 00:01:53,688 --> 00:01:59,908 I don’t specify the exact settings you should\n 20 00:01:59,909 --> 00:02:03,460 Enable it, and configure the appropriate trusted\nports. 21 00:02:11,090 --> 00:02:15,360 That command enables it globally, but it also\n 22 00:02:19,469 --> 00:02:22,219 And then I’ll remove option 82. 23 00:02:22,219 --> 00:02:25,800 NO IP DHCP SNOOPING INFORMATION OPTION. 24 00:02:25,800 --> 00:02:31,140 Finally, I’ll configure G0/2 as a trusted\nport. 25 00:02:36,699 --> 00:02:42,859 Now, as for G0/1 it could be either trusted\nor untrusted. 26 00:02:42,860 --> 00:02:47,340 Untrusted is more secure since it could catch\n 27 00:02:47,340 --> 00:02:51,520 past SW2, perhaps due to a misconfiguration. 28 00:02:51,520 --> 00:02:54,350 But it also takes more processing power on\nSW1. 29 00:02:54,349 --> 00:02:59,969 I’ll leave it as untrusted as I recommended\n 30 00:03:14,449 --> 00:03:18,669 NO IP DHCP SNOOPING INFORMATION OPTION. 31 00:03:21,620 --> 00:03:25,650 INTERFACE G0/1 IP DHCP SNOOPING TRUST. 32 00:03:26,800 --> 00:03:29,920 Okay that’s all for DHCP snooping. 33 00:03:29,919 --> 00:03:34,679 Since I’m on SW2, I’ll configure DAI here\nfirst. 34 00:03:39,900 --> 00:03:45,689 Now, the instructions say to enable all additional\n 35 00:03:45,689 --> 00:03:51,280 IP ARP INSPECTION VALIDATE, and let me check\nthe options. 36 00:03:51,280 --> 00:03:55,580 As I demonstrated in the lecture video, to\n 37 00:03:55,580 --> 00:04:00,010 them in a single command, although the order\ndoesn’t matter. 38 00:04:03,110 --> 00:04:07,250 Okay, I’ll confirm in the running config\nlater. 39 00:04:07,250 --> 00:04:12,729 Now I’ll trust SW2’s G0/1 interface since\nit’s connected to SW1. 40 00:04:18,279 --> 00:04:22,829 Okay that’s all, so I’ll use END to return\n 41 00:04:27,410 --> 00:04:33,660 Right here at the top, we can see the DAI\n 42 00:04:33,660 --> 00:04:40,060 And if I look down at G0/1, it is trusted\n 43 00:04:40,060 --> 00:04:42,949 Now let’s check a DAI show command. 44 00:04:42,949 --> 00:04:45,629 SHOW IP ARP INSPECTION INTERFACES. 45 00:04:45,629 --> 00:04:51,939 Okay, notice that all interfaces are untrusted\n 46 00:04:53,209 --> 00:04:55,849 However, there is a difference here. 47 00:04:55,850 --> 00:05:00,350 Rate limiting is enabled at 15 packets per\n 48 00:05:02,360 --> 00:05:05,710 This is different than what I showed in the\nlecture video. 49 00:05:05,709 --> 00:05:10,310 According to Cisco’s documentation, as well\n 50 00:05:10,310 --> 00:05:15,350 I tested it on, rate limiting should not be\n 51 00:05:15,350 --> 00:05:20,750 So, I’m not sure if this is an error in\n 52 00:05:22,560 --> 00:05:27,280 But as I said, Cisco documentation states\n 53 00:05:27,279 --> 00:05:32,699 on trusted ports, and my own testing on multiple\n 54 00:05:32,699 --> 00:05:34,629 this is an error in packet tracer. 55 00:05:36,990 --> 00:05:40,480 I’ll do the same DAI configurations. 56 00:05:43,920 --> 00:05:50,960 IP ARP INSPECTION VALIDATE DST-MAC, IP, SRC-MAC. 57 00:05:50,959 --> 00:05:57,289 In SW1’s case, I’ll configure both G0/1\n 58 00:06:06,459 --> 00:06:13,029 There’s the DAI and DHCP snooping configs,\n 59 00:06:13,029 --> 00:06:20,359 Notice G0/2 is trusted for both DAI and DHCP\n 60 00:06:20,360 --> 00:06:24,920 That’s just how I set up the network, but\n 61 00:06:24,920 --> 00:06:30,449 The most important thing is to make sure that\n 62 00:06:30,449 --> 00:06:36,521 is trusted for both DAI and DHCP snooping,\n 63 00:06:38,300 --> 00:06:45,210 Finally, let’s see if the PCs can successfully\n 64 00:06:46,230 --> 00:06:53,840 So, I’ll go into PC1 and change this gateway\n 65 00:06:53,839 --> 00:06:59,629 automatically change the FastEthernet0 setting\n 66 00:07:11,399 --> 00:07:14,989 Now I’ll go into the CLI of PC1. 67 00:07:14,990 --> 00:07:20,800 And here we can see its IP address, so it\n 68 00:07:21,800 --> 00:07:24,329 Let’s see if it’s allowed to ping. 69 00:07:24,329 --> 00:07:26,979 If not, there is likely a problem with DAI. 70 00:07:35,589 --> 00:07:43,229 So, in this lab we configured DHCP, DHCP snooping,\n 71 00:07:43,230 --> 00:07:48,259 As I said at the beginning, unfortunately\n 72 00:07:48,259 --> 00:07:49,889 but you can still practice the basics. 73 00:07:52,199 --> 00:08:03,780 Now let’s take a look at a lab in Boson\n 5905