静态IP dhcp snooping的设置
静态IP dhcp snooping的设置
在对DHCP设置的过程中,我们应该注意一些特别的地方。就如同我们下面将要讲解的静态IP dhcp snooping和IP Source Guard的内容。因为IP Source Guard不能和动态DHCP同时使用,所以就需要设置静态的效果。
- clock timezone WST 8
- switch 1 provision ws-c3750g-48ts
- system mtu routing 1500
- ip subnet-zero
- !
- ip dhcp snooping vlan 1 (指定DHCP snooping防护的vlan)
- ip dhcp snooping information option allow-untrusted
- ip dhcp snooping database flash:snooping 指定数据库路径)
- ip dhcp snooping database write-delay 15
- ip dhcp snooping (启动DHCP snooping)
- !
- !
- !
- interface GigabitEthernet1/0/45 启动IP Source Guard的端口)
- switchport mode access
- switchport port-security
- switchport port-security violation restrict
- spanning-tree portfast
- ip verify source port-security
- (ip verify source port-security是配合启动IP soure binding使用
- ip source binding 000A.E439.5F55 vlan 1 192.168.1.200 interface Gi1/0/45,
- 说明ip source binding和动态DHCP不能同时用,所以我们需要设置静态IP dhcp snooping) )
- !
- !
- interface Vlan1
- ip address 192.168.1.1 255.255.255.0
- !
- ip classless
- ip http server
- ip http secure-server
- !
- !
- ip source binding 000A.E439.5F55 vlan 1 192.168.1.200 interface Gi1/0/45
- !
- control-plane
- !
- !
注意使用如下命令查看工作状态:
- Switch#sh ip ver source
- Switch#sh ip dhcp binding
- Switch#sh ip dhcp snooping binding
以上就是静态IP dhcp snooping和IP Source Guard的具体设置了。
评论暂时关闭