ENSP:DHCP全局+动态IP与MAC绑定

 IP与MAC绑定的好处：不能随意修改IP，避免IP冲突；

                                      保护网络安全，减少ARP攻击；

                                      保证用户合法IP不会被盗用以及滥用；

                                     一台设备只能够固定一个。

 LSW3

#
dhcp enable
#
ip pool vlan10
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
ip pool vlan20
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select global
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#

LSW1与LSW2

#
vlan batch 10
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
  


#
vlan batch 20
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
  

查看PC1与PC2的地址获取情况

 

 在LSW3交换机上再配置动态IP与MAC地址绑定

[Huawei]dhcp enable #使能DHCP
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]dhcp snooping enable  #开启了DHCP Snooping的设备将用户（DHCP客户端）的DHCP请求报文通过信任接口发送给合法的DHCP服务器
[Huawei]vlan 10	
[Huawei-vlan10]dhcp snooping enable 
[Huawei-vlan10]ip source check user-bind enable #使能IP报文检查功能
Info: Add permit rule for dynamic snooping bind-table, please wait a minute!done
.
[Huawei-vlan10]q
[Huawei]vlan 20
[Huawei-vlan20]dhcp snooping enable 
[Huawei-vlan20]ip source check user-bind enable 
Info: Add permit rule for dynamic snooping bind-table, please wait a minute!done
.
[Huawei-vlan20]q

 先把PC停止运行，再启动。

不然交换机没有绑定表。 

在LSW3输入命令 DIS DHCP snooping user-bind all