Home > Others

Code example: IP dhcp snooping configuration (1)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

In the previous article, we have also explained the knowledge about dhcp snooping, its understanding, configuration, and related modulation. Here, we will introduce the specific configuration and case analysis of IP dhcp snooping, hoping to help you.

1. 3750 configure the DHCP service and DHCP snooping

 
 
    
  
  
  1. The useless parts have been deleted)
    2. 
  
  
  2. Clock timezone WST 8
    3. 
  
  
  3. Switch 1 provision ws-c3750g-48ts
    4. 
  
  
  4. System mtu routing 1500
    5. 
  
  
  5. Ip subnet-zero
    6. 
  
  
  6. Ip dhcp excluded-address 192.168.1.1 reserved address)
    7. 
  
  
  7. !
    8. 
  
  
  8. Ip dhcp pool test starts DHCP)
    9. 
  
  
  9. Network 192.168.1.0 255.255.255.0
    10. 
  
  
  10. Default-router 192.168.1.1
    11. 
  
  
  11. Dns-server 192.168.1.1
    12. 
  
  
  12. !
    13. 
  
  
  13. Ip dhcp snooping vlan 1 (specify the vlan protected by DHCP snooping)
    14. 
  
  
  14. Ip dhcp snooping information option allow-untrusted
    15. 
  
  
  15. Ip dhcp snooping database flash: snooping specifies the database path)
    16. 
  
  
  16. Ip dhcp snooping (start DHCP snooping)
    17. 
  
  
  17. !
    18. 
  
  
  18. !
    19. 
  
  
  19. Interface GigabitEthernet1/0/1
    20. 
  
  
  20. !
    21. 
  
  
  21. Interface GigabitEthernet1/0/31 normal port)
    22. 
  
  
  22. Switchport mode access
    23. 
  
  
  23. Spanning-tree portfast
    24. 
  
  
  24. !
    25. 
  
  
  25. Interface GigabitEthernet1/0/32
    26. 
  
  
  26. !
    27. 
  
  
  27. Interface GigabitEthernet1/0/42
    28. 
  
  
  28. !
    29. 
  
  
  29. Interface GigabitEthernet1/0/43 enable ip dhcp snooping port)
    30. 
  
  
  30. Switchport mode access
    31. 
  
  
  31. Switchport port-security
    32. 
  
  
  32. Spanning-tree portfast
    33. 
  
  
  33. Ip verify source
    34.

(Enable IP address verification. Users on this port cannot set their own IP addresses, which can only be obtained through DHCP, but there is no mac layer security control.
The test shows that if the user with the g1/0/43 port has an IP address of 192.168.1.2 and the user with the g1/0/42 port has intentionally changed the IP address to 192.168.1.2, the user with the g1/0/43 port will also be affected, although g1/0/42 cannot access the network by changing the IP address, g1/0/43 will prompt an IP conflict. Therefore, you must use DAI to protect the mac layer)

 
 
    
  
  
  1. !
    2. 
  
  
  2. Interface GigabitEthernet1/0/44
    3. 
  
  
  3. !
    4. 
  
  
  4. Interface GigabitEthernet1/0/45
    5. 
  
  
  5. Switchport mode access
    6. 
  
  
  6. Switchport port-security
    7. 
  
  
  7. Switchport port-security violation restrict
    8. 
  
  
  8. Spanning-tree portfast
    9. 
  
  
  9. Ip verify source port-security
    10. 
  
  
  10. After the port is enabled, the IP address cannot be registered through DHCP. The reason is that MAC cannot be registered due to port-security restrictions)
    11. 
  
  
  11. (Ip verify source port-security is used together with the startup IP soure binding
    12. 
  
  
  12. Ip source binding 001b. a111.5e11 vlan 1 192.168.1.200 interface Gi1/0/45, note that ip source binding and dynamic DHCP cannot be used at the same time)
    13. 
  
  
  13. !
    14. 
  
  
  14. Interface GigabitEthernet1/0/46
    15. 
  
  
  15. !
    16.


This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ip sla configuration example no ip igmp snooping ipv6 dhcp configuration tcp ip code example tcp ip example code packet tracer dhcp server configuration oracle net services configuration failed exit code 1

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More