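Configuring DHCP Snooping on Huawei Devices

What DHCP snooping does:

1. PCs can obtain IP addresses from the designated DHCP server;
2. It prevents other rogue DHCP servers from affecting hosts on the network.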

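How DHCP snooping works:

A device with DHCP snooping enabled forwards DHCP request messages from users (DHCP clients) to the legitimate DHCP server through the trusted interface. The device then builds a DHCP snooping binding table from the information in the DHCP ACK messages the server returns. When the device later receives DHCP messages from users on an interface with DHCP snooping enabled, it checks them against the binding table, which effectively guards against attacks from unauthorized users.

In short: IP addresses can only be obtained through the trusted interface I designate. Packets arriving on any other interface are not trusted and not accepted, and no IP address is assigned from them.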

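Configuration

DHCP snooping must be enabled in this order:

First enable DHCP snooping globally

Then enable DHCP snooping on the interface or in the VLAN

Deploy the DHCP server on the Layer 3 switch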

sys
dhcp enable
#
interface Vlanif1091
 dhcp select global
#
interface Vlanif1092
 dhcp select global
#
interface Vlanif1093
 dhcp select global
#
interface Vlanif1094
 dhcp select global
#
#
ip pool 1091
 gateway-list 10.180.109.1
 network 10.180.109.0 mask 255.255.255.192
#
#
ip pool 1092
 gateway-list 10.180.109.65
 network 10.180.109.64 mask 255.255.255.192
#
ip pool 1093
 gateway-list 10.180.109.129
 network 10.180.109.128 mask 255.255.255.192
#
ip pool 1094
 gateway-list 10.180.109.193
 network 10.180.109.192 mask 255.255.255.192

Configure DHCP snooping on the Layer 3 switch

Enable DHCP snooping in global mode
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]dhcp snooping enable
[Huawei]port-group all_port
[Huawei-port-group-all_port]group-member gi 0/0/1 to gi 0/0/48
                                                        ^
Error: Wrong parameter found at '^' position.

Enable DHCP snooping on the interfaces
[Huawei-port-group-all_port]group-member gi 0/0/1 to gi 0/0/8
[Huawei-port-group-all_port]dis th
#
port-group all_port
 group-member GigabitEthernet0/0/1
 group-member GigabitEthernet0/0/2
 group-member GigabitEthernet0/0/3
 group-member GigabitEthernet0/0/4
 group-member GigabitEthernet0/0/5
 group-member GigabitEthernet0/0/6
 group-member GigabitEthernet0/0/7
 group-member GigabitEthernet0/0/8
#
return
[Huawei-port-group-all_port]
[Huawei-port-group-all_port]dhcp snooping enable
[Huawei-GigabitEthernet0/0/1]dhcp snooping enable
[Huawei-GigabitEthernet0/0/2]dhcp snooping enable
[Huawei-GigabitEthernet0/0/3]dhcp snooping enable
[Huawei-GigabitEthernet0/0/4]dhcp snooping enable
[Huawei-GigabitEthernet0/0/5]dhcp snooping enable
[Huawei-GigabitEthernet0/0/6]dhcp snooping enable
[Huawei-GigabitEthernet0/0/7]dhcp snooping enable
[Huawei-GigabitEthernet0/0/8]dhcp snooping enable
[Huawei-port-group-all_port]

On the Layer 2 switch, configure the interface connected to the Layer 3 switch (DHCP server) with dhcp snooping trust

Configure all other interfaces with dhcp snooping enable

<L2-SW-1>sys
Enter system view, return user view with Ctrl+Z.
[L2-SW-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[L2-SW-1]
[L2-SW-1]dhcp snooping enable
[L2-SW-1]int gi 0/0/1
[L2-SW-1-GigabitEthernet0/0/1]dhcp snooping trust
[L2-SW-1-GigabitEthernet0/0/1]q
[L2-SW-1]port-group all_access
[L2-SW-1-port-group-all_access]group-member gi 0/0/2 to gi 0/0/3
[L2-SW-1-port-group-all_access]dhcp snooping enable
[L2-SW-1-GigabitEthernet0/0/2]dhcp snooping enable
[L2-SW-1-GigabitEthernet0/0/3]dhcp snooping enable
[L2-SW-1-port-group-all_access]
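
An offline check for the setup above, as an added example that is not part of the original post: it parses saved configuration text and reports a missing global `dhcp snooping enable`, access ports without snooping, and trust set anywhere other than the declared uplink. The function name, the sample configuration and the `#`-separated stanza layout (as in the `dis th` output above) are assumptions; the trust keyword is matched both as typed on the page and in its full form.

```python
import re

# Constructed sample modelled on the L2-SW-1 setup above: GE0/0/1 is the
# uplink to the DHCP server; GE0/0/4 was left out of the port group.
SAMPLE_CONFIG = """\
#
dhcp enable
#
dhcp snooping enable
#
interface GigabitEthernet0/0/1
 dhcp snooping trust
#
interface GigabitEthernet0/0/2
 dhcp snooping enable
#
interface GigabitEthernet0/0/3
 dhcp snooping enable
#
interface GigabitEthernet0/0/4
#
return
"""

def audit_dhcp_snooping(config, uplinks):
    """Return a list of findings; an empty list means every check passed."""
    global_on, ports, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented line starts a new stanza
            m = re.match(r"interface (GigabitEthernet\S+)", line)
            current = m.group(1) if m else None
            if current:
                ports[current] = set()
            elif line == "dhcp snooping enable":
                global_on = True  # the global switch the page enables first
        elif current and (m := re.fullmatch(r"dhcp snooping (enable|trust(?:ed)?)", line)):
            ports[current].add("trust" if m.group(1).startswith("trust") else "enable")
    findings = [] if global_on else ["global 'dhcp snooping enable' is missing"]
    for name, flags in ports.items():
        if name in uplinks and "trust" not in flags:
            findings.append(f"{name}: uplink to the DHCP server is not trusted")
        elif name not in uplinks and "trust" in flags:
            findings.append(f"{name}: trusted but not a declared uplink")
        elif name not in uplinks and "enable" not in flags:
            findings.append(f"{name}: DHCP snooping not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_dhcp_snooping(SAMPLE_CONFIG, {"GigabitEthernet0/0/1"}):
        print(finding)
```

Pass the set of interfaces that face the legitimate DHCP server as `uplinks`; any other trusted port is reported because server replies arriving there would be accepted.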

Reposted from blog.csdn.net/WannaHaha/article/details/108277054