Everything involved in Huawei DHCP (relay, anti-man-in-the-middle ARP, anti-IP spoofing, etc.)


R1

dhcp enable

ip pool test
gateway-list 192.168.0.1
network 192.168.0.0 mask 255.255.255.0
static-bind ip-address 192.168.0.88 mac-address 5489-986e-358e
excluded-ip-address 192.168.0.100
dns-list 114.114.114.114

ip pool test2
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0

interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.255.255.0
dhcp select global

ip route-static 192.168.0.0 255.255.255.0 10.0.0.2
ip route-static 192.168.1.0 255.255.255.0 10.0.0.2

R2

dhcp enable

interface GigabitEthernet0/0/0
ip address 10.0.0.2 255.255.255.0

interface GigabitEthernet0/0/1
ip address 192.168.0.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.0.1 // enable relay

interface GigabitEthernet0/0/2
ip address 192.168.1.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.0.1 // enable relay

R3

interface GigabitEthernet0/0/0
ip address 172.16.0.1 255.255.255.0
dhcp select interface

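Switch

dhcp enable // enable DHCP

dhcp snooping enable // prevent rogue (privately attached) routers
arp dhcp-snooping-detect enable // deploy DAI against man-in-the-middle ARP attacks
user-bind static ip-address 192.168.0.100 mac-address 5489-9833-17bf interface GigabitEthernet0/0/4 vlan 1 // deploy DAI against man-in-the-middle ARP attacks

vlan 1
dhcp snooping enable // prevent rogue (privately attached) routers
dhcp snooping trusted interface GigabitEthernet0/0/1 // prevent rogue (privately attached) routers
arp anti-attack check user-bind enable // deploy DAI against man-in-the-middle ARP attacks; can also be configured under the interface instead of the VLAN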

interface GigabitEthernet0/0/2
ip source check user-bind enable // prevent IP spoofing attacks; can also be configured under the VLAN
ip source check user-bind alarm enable // prevent IP spoofing attacks
ip source check user-bind alarm threshold 100 // prevent IP spoofing attacks

interface GigabitEthernet0/0/3
ip source check user-bind enable // prevent IP spoofing attacks
ip source check user-bind alarm enable // prevent IP spoofing attacks
ip source check user-bind alarm threshold 100 // prevent IP spoofing attacks

interface GigabitEthernet0/0/4
ip source check user-bind enable // prevent IP spoofing attacks
ip source check user-bind alarm enable // prevent IP spoofing attacks
ip source check user-bind alarm threshold 100 // prevent IP spoofing attacks

interface GigabitEthernet0/0/5
ip source check user-bind enable // prevent IP spoofing attacks
ip source check user-bind alarm enable // prevent IP spoofing attacks
ip source check user-bind alarm threshold 100 // prevent IP spoofing attacks

View the DHCP snooping user entries.
Manually bind a PC that uses a manually configured IP into DHCP snooping:
user-bind static ip-address 192.168.0.100 mac-address 5489-9833-17BF interface GigabitEthernet 0/0/4 vlan 1
Check again after completion.
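
Why the manual binding above is needed, as an added example (a simplified Python model, not Huawei code and not from the original post): with `ip source check user-bind enable` and `arp anti-attack check user-bind enable`, packets are matched against the binding table, so a PC with a manually configured address has no DHCP snooping entry and only passes once the static `user-bind` exists. The class and function names are hypothetical, and the port of the 192.168.0.88 host is an assumption.

```python
# Simplified model of the binding-table check (illustration, not Huawei code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    interface: str
    vlan: int
    kind: str  # "dynamic" = learned by DHCP snooping, "static" = user-bind static


def norm_mac(mac: str) -> str:
    """Normalize MAC notation so 5489-9833-17BF equals 5489-9833-17bf."""
    return mac.replace("-", "").replace(":", "").replace(".", "").lower()


class BindingTable:
    def __init__(self) -> None:
        self._entries = {}

    def add(self, b: Binding) -> None:
        self._entries[(b.ip, norm_mac(b.mac), b.interface, b.vlan)] = b

    def permits(self, ip: str, mac: str, interface: str, vlan: int) -> bool:
        """Forward only if IP, MAC, port and VLAN all match one entry."""
        return (ip, norm_mac(mac), interface, vlan) in self._entries


def build_table(with_static: bool) -> BindingTable:
    table = BindingTable()
    # Constructed dynamic entry: the lease snooping would record for the MAC
    # that the pool's static-bind maps to 192.168.0.88 (port is an assumption).
    table.add(Binding("192.168.0.88", "5489-986e-358e", "GigabitEthernet0/0/2", 1, "dynamic"))
    if with_static:
        # The page's user-bind static entry for the manually addressed PC.
        table.add(Binding("192.168.0.100", "5489-9833-17bf", "GigabitEthernet0/0/4", 1, "static"))
    return table


if __name__ == "__main__":
    pc = ("192.168.0.100", "5489-9833-17BF", "GigabitEthernet0/0/4", 1)
    print("static-IP PC, no static binding:", build_table(False).permits(*pc))
    print("static-IP PC, with static binding:", build_table(True).permits(*pc))
    # Constructed spoof attempts: same IP from another port / another MAC.
    t = build_table(True)
    print("same IP+MAC on G0/0/3:", t.permits(pc[0], pc[1], "GigabitEthernet0/0/3", 1))
    print("same IP, other MAC:", t.permits(pc[0], "0000-0000-0001", pc[2], 1))
```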

Reposted from blog.csdn.net/ydaxia110/article/details/135239512