Lab 4 : Implementing Port Security

This lab demonstrates basic configuration and monitoring tasks when implementing port security features on EX Series Ethernet Switches. In this lab, you will use the command-line interface (CLI) to configure and monitor various port security features.

EVE-NG Lab Topology

Device Startup Configurations

Before starting your lab devices, apply the below startup configurations. You can add device startup configurations by clicking on the Startup-config menu option for EVE-NG.
If the device does not start with these configurations, you can right click on the device and select Wipe and the next boot of the device will read the startup-config settings.

vQFX-01 : Startup Config

set system host-name vqfx-01
set system root-authentication encrypted-password "$1$KrovnU1S$AHV6IRreiZIuP4RA526TH0"
set system services ssh root-login allow
set system services netconf ssh
set system services rest http port 8080
set system services rest enable-explorer
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces xe-0/0/0 description "Switch Trunk Interface"
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/1 description "Switch vQFX-03 Trunk Interface"
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/4 description "vPC VLAN 10"
set interfaces xe-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members 10
set interfaces em0 unit 0 family inet dhcp
set interfaces em1 unit 0 family inet address 169.254.0.2/24
set interfaces irb unit 10 family inet address 10.0.10.1/24
set interfaces irb unit 20 family inet address 10.0.20.1/24
set forwarding-options storm-control-profiles default all
set protocols igmp-snooping vlan default
set protocols rstp bridge-priority 4k
set protocols rstp interface all
set vlans VLAN-10 vlan-id 10
set vlans VLAN-10 l3-interface irb.10
set vlans VLAN-20 vlan-id 20
set vlans VLAN-20 l3-interface irb.20
set vlans default vlan-id 1

vQFX-02 : Startup Config

set system host-name vqfx-02
set system root-authentication encrypted-password "$1$Kfz7PEKs$lUYDMK/olBURdugO4BTmX0"
set system services ssh root-login allow
set system services netconf ssh
set system services rest http port 8080
set system services rest enable-explorer
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces xe-0/0/0 description "Switch Trunk Interface"
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/2 description "Switch vQFX-03 Trunk Interface"
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/4 description "vPC VLAN 10"
set interfaces xe-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members 10
set interfaces em0 unit 0 family inet dhcp
set interfaces em1 unit 0 family inet address 169.254.0.2/24
set forwarding-options storm-control-profiles default all
set protocols igmp-snooping vlan default
set protocols rstp bridge-priority 8k
set protocols rstp interface all
set vlans VLAN-10 vlan-id 10
set vlans VLAN-20 vlan-id 20
set vlans default vlan-id 1

vQFX-03 : Startup Config

set system host-name vqfx-03
set system root-authentication encrypted-password "$1$BAxsFi1m$RlgbFoOch2HXwtiiZsVcK/"
set system services ssh root-login allow
set system services netconf ssh
set system services rest http port 8080
set system services rest enable-explorer
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces xe-0/0/1 description "Switch vQFX-01 Trunk Interface"
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/2 description "Switch vQFX-02 Trunk Interface"
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/4 description "vPC VLAN 20"
set interfaces xe-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/5 description "vPC VLAN 20"
set interfaces xe-0/0/5 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/5 unit 0 family ethernet-switching vlan members 20
set interfaces em0 unit 0 family inet dhcp
set interfaces em1 unit 0 family inet address 169.254.0.2/24
set forwarding-options storm-control-profiles default all
set protocols igmp-snooping vlan default
set protocols rstp bridge-priority 32k
set protocols rstp interface xe-0/0/1 edge
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set vlans VLAN-10 vlan-id 10
set vlans VLAN-20 vlan-id 20
set vlans default vlan-id 1