DHCP Snooping
Mechanism overview
Option82
Option message structure
DHCP Snooping Binding Database
Configuration examples
Lab 1: Basic lab
Server:
no ip routing
ip default-gateway 192.168.100.254
interface GigabitEthernet0/0
 ip address 192.168.100.1 255.255.255.0
 no shutdown
service dhcp
ip dhcp pool vlan10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.254
SW2:
vlan 10
vlan 100
!
interface FastEthernet0/1
 switchport access vlan 100
!
interface FastEthernet0/2
 switchport mode trunk
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
 ip helper-address 192.168.100.1
!
interface Vlan100
 ip address 192.168.100.254 255.255.255.0
SW1:
vlan 10
!
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 ip dhcp snooping trust
 switchport mode trunk
!
Result:
SW1#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  -----------------
00:01:96:0D:BD:1E   192.168.10.1     0           dhcp-snooping  10    FastEthernet0/1
Total number of bindings: 1
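Lab 2: The access switch inserts Option 82, the core switch acts as the relay
Building on the configuration above:
· SW1(config)# ip dhcp snooping information option
· SW2(config)# ip dhcp relay information trust-all
Lab 3: The access-layer switch inserts Option 82, and the upstream core switch also enables DHCP snooping
Add the following on top of the above:
· SW2(config)# ip dhcp snooping information option allow-untrusted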
Lab 4: Option 82 and related issues in an environment without a relay
· Restore SW2:
vlan 10
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode trunk
!
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
Other configuration
Configure the switch to verify that the source MAC address in a DHCP packet received on untrusted ports matches the client hardware address in the packet. The default is to verify that the source MAC address matches the client hardware address in the packet.
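The check described above, as an added example that is not part of the original article: Python code that compares the Ethernet source MAC of a DHCP client frame with the BOOTP chaddr field. The function names and sample frames are constructed for illustration, the client MAC is the one from the Lab 1 binding table, and treating a non-Ethernet hardware type as a mismatch is an assumption of this example.

```python
import struct

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_dhcp_frame(eth_src, chaddr):
    """Constructed sample: minimal broadcast DHCPDISCOVER (checksums left at 0)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr, b"", b"")
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"  # cookie, msg type, end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip

def source_mac_matches_chaddr(frame):
    """True/False for a DHCP client frame, None if the frame is not one."""
    if len(frame) < 14:
        return None
    eth_src, ethertype, off = frame[6:12], frame[12:14], 14
    if ethertype == b"\x81\x00":                 # skip a single 802.1Q tag
        if len(frame) < 18:
            return None
        ethertype, off = frame[16:18], 18
    if ethertype != b"\x08\x00" or len(frame) < off + 20:
        return None                              # not IPv4
    ihl = (frame[off] & 0x0F) * 4
    if ihl < 20 or frame[off + 9] != 17:         # IP protocol 17 = UDP
        return None
    udp = off + ihl
    if len(frame) < udp + 8 + 44:                # UDP header + BOOTP up to chaddr
        return None
    if struct.unpack_from("!HH", frame, udp) != (68, 67):
        return None                              # not client -> server
    bootp = udp + 8
    htype, hlen = frame[bootp + 1], frame[bootp + 2]
    if htype != 1 or hlen != 6:                  # assumption: non-Ethernet = mismatch
        return False
    return frame[bootp + 28:bootp + 28 + hlen] == eth_src

if __name__ == "__main__":
    client = mac("00:01:96:0d:bd:1e")            # MAC from the Lab 1 binding table
    other = mac("02:00:00:00:00:01")             # constructed second address
    print("matching frame:  ", source_mac_matches_chaddr(build_dhcp_frame(client, client)))
    print("mismatched frame:", source_mac_matches_chaddr(build_dhcp_frame(client, other)))
```

A frame for which the function returns False is the kind the switch drops on an untrusted port when this verification is enabled.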