靜態IP dhcp snooping的設置
作者:佚名
這里我們介紹了靜態IP dhcp snooping的配置內容。結合IP Source Guard進行設置,那么具體操作請從下文來了解一下吧。
在對DHCP設置的過程中,我們應該注意一些特別的地方。就如同我們下面將要講解的靜態IP dhcp snooping和IP Source Guard的內容。因為IP Source Guard不能和動態DHCP同時使用,所以就需要設置靜態的效果。
- clock timezone WST 8
- switch 1 provision ws-c3750g-48ts
- system mtu routing 1500
- ip subnet-zero
- !
- ip dhcp snooping vlan 1 (指定DHCP snooping防護的vlan)
- ip dhcp snooping information option allow-untrusted
- ip dhcp snooping database flash:snooping (指定數據庫路徑)
- ip dhcp snooping database write-delay 15
- ip dhcp snooping (啟動DHCP snooping)
- !
- !
- !
- interface GigabitEthernet1/0/45 (啟動IP Source Guard的端口)
- switchport mode access
- switchport port-security
- switchport port-security violation restrict
- spanning-tree portfast
- ip verify source port-security
- (ip verify source port-security是配合啟動IP soure binding使用
- ip source binding 000A.E439.5F55 vlan 1 192.168.1.200 interface Gi1/0/45,
- (說明ip source binding和動態DHCP不能同時用,所以我們需要設置靜態IP dhcp snooping) )
- !
- !
- interface Vlan1
- ip address 192.168.1.1 255.255.255.0
- !
- ip classless
- ip http server
- ip http secure-server
- !
- !
- ip source binding 000A.E439.5F55 vlan 1 192.168.1.200 interface Gi1/0/45
- !
- control-plane
- !
- !
注意使用如下命令查看工作狀態:
- Switch#sh ip ver source
- Switch#sh ip dhcp binding
- Switch#sh ip dhcp snooping binding
以上就是靜態IP dhcp snooping和IP Source Guard的具體設置了。
責任編輯:佟健
來源:
百度空間
