《交换机阻止不信任的dhcp》
一、使用场景举例
二、配置原理说明
- 在连接PC的端口开启 dhcp snooping 检测
- 在trunk 接口信任 DHCP snooping
三、PE1 交换机配置
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<HUAWEI> system-view # #全局配置 dhcp snooping enable ipv4 dhcp snooping check dhcp-rate enable dhcp snooping check dhcp-rate 90 dhcp snooping alarm dhcp-rate enable dhcp snooping alarm dhcp-rate threshold 80 dhcp snooping over-vpls enable # #连接电脑的端口开启dhcp snooping 检测 interface range GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2 dhcp snooping enable dhcp snooping check dhcp-giaddr enable dhcp snooping check dhcp-request enable dhcp snooping alarm dhcp-request enable dhcp snooping alarm dhcp-request threshold 120 dhcp snooping check dhcp-chaddr enable dhcp snooping alarm dhcp-chaddr enable dhcp snooping alarm dhcp-chaddr threshold 120 dhcp snooping alarm dhcp-reply enable dhcp snooping alarm dhcp-reply threshold 120 dhcp snooping max-user-number 20 exit # #trunk 接口信任 interface GigabitEthernet0/0/3 dhcp snooping trusted # |