### Layer 2 Security

# Part 1

Central#show spanning-tree

Central(config)#spanning-tree vlan 1 root primary

Sw-1(config)#spanning-tree vlan 1 root secondary

# Part 2

SW-A(config)# spanning-tree portfast default

SW-B(config)# spanning-tree portfast default

SW-A(config)#int range f0/1 - 24SW-A(config-if-range)#spanning-tree bpduguard enable

SW-B(config)#int range f0/1 - 24SW-B(config-if-range)#spanning-tree bpduguard enable

SW-1(config)#int range f0/23 - 24SW-1(config-if-range)#spanning-tree guard root

SW-2(config)#int range f0/23 - 24SW-2(config-if-range)#spanning-tree guard root

# Part 3

SW-1(config)#int g0/1SW-1(config-if)#storm-control broadcast level 50

SW-2(config)#int g0/1SW-2(config-if)#storm-control broadcast level 50

# Part 4

SW-A(config)#int f0/1SW-A(config-if)#switchport mode accessSW-A(config-if)#switchport port-security SW-A(config-if)#switchport port-security mac-address stickySW-A(config-if)#switchport port-security maximum 2SW-A(config-if)#switchport port-security violation shutdown

SW-B(config)#int f0/1SW-B(config-if)#switchport mode accessSW-B(config-if)#switchport port-security SW-B(config-if)#switchport port-security mac-address stickySW-B(config-if)#switchport port-security maximum 2SW-B(config-if)#switchport port-security violation shutdown

SW-A(config)#int range f0/5 - 6SW-A(config-if-range)#shutdown

SW-B(config)#int range f0/5 - 6SW-B(config-if-range)#shutdown

# Part 5