DHCP Snooping实验配置
目录
DHCP Snooping 是为了让用户从合法的DHCP 服务器上获取到IP地址。避免接入用户私接DHCP服务器造成DHCP攻击
本篇文章重点在于DHCP Snooping配置,前期DHCP配置查看此篇文章 https://blog.csdn.net/qq_33958560/article/details/116780743
实验拓扑
配置思路
全局开启DHCP和DHCP Snooping功能
接入接口开启 DHCP Snooping
上联接口开启 DHCP Snooping 和 DHCP Snooping trusted ( 将上联口配置为信任接口 )
配置过程
[S2]dhcp enable // 全局开启DHCP
Info: The operation may take a few seconds. Please wait for a moment.done.
[S2]dhcp snooping enable // 全局开启DHCP Snooping
[S2]interface Ethernet0/0/1
[S2-Ethernet0/0/1]dhcp snooping enable // 接口下开启DHCP Snooping
[S2-Ethernet0/0/1]int e0/0/2
[S2-Ethernet0/0/2]dhcp snooping enable // 接口下开启DHCP Snooping
[S2-Ethernet0/0/2]dhcp snooping trusted // 设置该接口为DHCP Snooping 信任口
查看结果
<S2>dis dhcp snooping user-bind all
DHCP Dynamic Bind-table:
Flags:O - outer vlan ,I - inner vlan ,P - map vlan
IP Address MAC Address VSI/VLAN(O/I/P) Interface Lease
--------------------------------------------------------------------------------
192.168.10.200 5489-9879-69ee 10 /-- /-- Eth0/0/1 2021.05.14-20:07
--------------------------------------------------------------------------------
print count: 1 total count: 1