Resolving IP Address Conflicts: DHCP Snooping
Published: 2019-06-18


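The approach is to assign IP addresses to users through DHCP and then restrict those users to dynamically assigned addresses only: a user who switches to a static IP address can no longer connect to the network. In other words, it uses the DHCP snooping feature.

Example: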

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config

hostname C4-2_4506

enable password xxxxxxx!

clock timezone GMT 8
ip subnet-zero

no ip domain-lookup

! VLANs to which the restriction applies
ip dhcp snooping vlan 180-181
ip dhcp snooping
ip arp inspection vlan 180-181
ip arp inspection validate src-mac dst-mac ip

errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause gbic-invalid
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause unicast-flood
errdisable recovery cause vmps
errdisable recovery cause arp-inspection
errdisable recovery interval 30
spanning-tree extend system-id

! Restricts the users attached to this port; a downstream switch may be connected here
interface GigabitEthernet2/1
 ip arp inspection limit rate 100
 arp timeout 2
 ip dhcp snooping limit rate 100

interface GigabitEthernet2/2
 ip arp inspection limit rate 100
 arp timeout 2
 ip dhcp snooping limit rate 100

interface GigabitEthernet2/3
 ip arp inspection limit rate 100
 arp timeout 2
 ip dhcp snooping limit rate 100

interface GigabitEthernet2/4
 ip arp inspection limit rate 100
 arp timeout 2
 ip dhcp snooping limit rate 100

--More--


Editor's note: this is a good solution when there is no need to know exactly who holds each address. In addition, see the following on www.cisco.com:


IP Source Guard

Similar to DHCP snooping, this feature is enabled on a DHCP snooping untrusted Layer 2 port. Initially, all IP traffic on the port is blocked except for DHCP packets that are captured by the DHCP snooping process. When a client receives a valid IP address from the DHCP server, or when a static IP source binding is configured by the user, a per-port and VLAN Access Control List (PACL) is installed on the port. This process restricts the client IP traffic to those source IP addresses configured in the binding; any IP traffic with a source IP address other than that in the IP source binding will be filtered out. This filtering limits a host's ability to attack the network by claiming neighbor host's IP address.
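
Added example, not part of the original article or of Cisco's documentation: a simplified Python model of how the DHCP snooping binding table drives both the ARP inspection and the IP Source Guard decisions described above. The class and method names, the trusted uplink Gi1/1 and all MAC/IP values are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class SnoopingSwitch:
    vlans: set                      # VLANs with snooping/inspection enabled
    trusted: set                    # ports facing the legitimate DHCP server
    bindings: set = field(default_factory=set)   # {(vlan, port, mac, ip)}

    def _enforced(self, port, vlan):
        return vlan in self.vlans and port not in self.trusted

    def dhcp_ack(self, ingress_port, vlan, client_port, mac, ip):
        """Server reply: dropped when it arrives on an untrusted port."""
        if self._enforced(ingress_port, vlan):
            return False            # reply from a rogue DHCP server
        if vlan in self.vlans:
            self.bindings.add((vlan, client_port, mac, ip))
        return True

    def static_binding(self, vlan, port, mac, ip):
        """Manually configured IP source binding."""
        self.bindings.add((vlan, port, mac, ip))

    def permit_ip(self, port, vlan, src_ip):
        """IP Source Guard: source IP must be bound on this port and VLAN."""
        if not self._enforced(port, vlan):
            return True
        return any(b[:2] == (vlan, port) and b[3] == src_ip for b in self.bindings)

    def permit_arp(self, port, vlan, sender_mac, sender_ip):
        """ARP inspection: sender MAC/IP pair must match a binding in the VLAN."""
        if not self._enforced(port, vlan):
            return True
        return any(b[0] == vlan and b[2:] == (sender_mac, sender_ip) for b in self.bindings)

def demo():
    # Constructed sample values; Gi1/1 as the trusted uplink is an assumption.
    sw = SnoopingSwitch(vlans={180, 181}, trusted={"Gi1/1"})
    r = {}
    r["rogue_ack"] = sw.dhcp_ack("Gi2/2", 180, "Gi2/1", "aa:aa:aa:aa:aa:01", "10.0.180.66")
    r["real_ack"] = sw.dhcp_ack("Gi1/1", 180, "Gi2/1", "aa:aa:aa:aa:aa:01", "10.0.180.10")
    r["leased_ip"] = sw.permit_ip("Gi2/1", 180, "10.0.180.10")
    r["static_ip"] = sw.permit_ip("Gi2/2", 180, "10.0.180.50")   # self-assigned address
    r["spoofed_arp"] = sw.permit_arp("Gi2/2", 180, "bb:bb:bb:bb:bb:02", "10.0.180.10")
    r["valid_arp"] = sw.permit_arp("Gi2/1", 180, "aa:aa:aa:aa:aa:01", "10.0.180.10")
    return r

if __name__ == "__main__":
    print(demo())
```

The self-assigned address on Gi2/2 is filtered because no binding exists for it, which is the behaviour the article relies on to keep users on DHCP-assigned addresses.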

This article is reposted from loveme23's 51CTO blog. Original link: http://blog.51cto.com/loveme23/8021 . To repost it, please contact the original author yourself.
