
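Assume AR1 is the trusted DHCP server and AR2 is a DHCP server attached through an intermediate device. Before DHCP Snooping is configured, our PC receives replies from both DHCP servers, so the security of DHCP cannot be guaranteed; this is why DHCP Snooping is introduced. (The closer to the end device it is deployed, the more accurate and effective it is.)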
AR1:
[ar1]dhcp enable
[ar1]ip pool 1
 gateway-list 192.168.1.254
 network 192.168.1.0 mask 255.255.255.0
 dns-list 8.8.8.8
[ar1]interface GigabitEthernet0/0/0
 ip address 10.0.0.1 255.255.255.0
 dhcp select global
[ar1]ip route-static 0.0.0.0 0.0.0.0 10.0.0.254
SW1:
[sw1]dhcp enable
[sw1]dhcp snooping enable ipv4
[sw1]vlan batch 10 20
[sw1]dhcp server group dhcp
 dhcp-server 10.0.0.1 0
[sw1]interface Vlanif10
 ip address 10.0.0.254 255.255.255.0
[sw1]interface Vlanif20
 ip address 192.168.1.254 255.255.255.0
 dhcp select relay
 dhcp relay server-select dhcp
[sw1]interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
 dhcp snooping enable
 dhcp snooping trusted
[sw1]interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
 dhcp snooping enable
SW2:
[sw2]vlan batch 20
[sw2]dhcp enable
[sw2]dhcp snooping enable ipv4
[sw2]interface GigabitEthernet0/0/1
 port link-type access
 dhcp snooping enable
 dhcp snooping trusted
[sw2]interface GigabitEthernet0/0/2
 dhcp snooping enable
 port link-type access
[sw2]interface GigabitEthernet0/0/3
 dhcp snooping enable
 port link-type access
AR2:
[ar2]dhcp enable
[ar2]ip pool 1
 gateway-list 192.168.2.254
 network 192.168.2.0 mask 255.255.255.0
[ar2]interface GigabitEthernet0/0/0
 ip address 192.168.2.254 255.255.255.0
 dhcp select global
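The following Python sketch is an added example, not part of the original post and not Huawei's implementation. It is a simplified model of the trusted/untrusted port check that the SW2 configuration above relies on, including the binding entry recorded from a trusted ACK. It assumes the PC is on GigabitEthernet0/0/2 and AR2 on GigabitEthernet0/0/3 (the post does not say which untrusted port each uses); the MAC address and leased addresses are constructed sample values.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2, 5, 6}                # OFFER, ACK, NAK: only servers send these
TRUSTED = {"GigabitEthernet0/0/1"}      # SW2's only "dhcp snooping trusted" port

def parse(payload):
    """Return (message type, client MAC, yiaddr) from a BOOTP/DHCP payload."""
    if len(payload) < 241 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    mac = payload[28:34].hex(":")
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        if payload[i] == 53 and payload[i + 1] == 1:  # option 53 = message type
            return payload[i + 2], mac, yiaddr
        i += 2 + payload[i + 1]
    raise ValueError("no DHCP message type option")

class Snooper:
    def __init__(self):
        self.pending = {}    # client MAC -> port its request arrived on
        self.bindings = {}   # client MAC -> (leased IP, client port)

    def handle(self, port, payload):
        mtype, mac, yiaddr = parse(payload)
        if mtype in SERVER_TYPES:
            if port not in TRUSTED:
                return "drop"                        # server reply on untrusted port
            if mtype == 5 and mac in self.pending:   # trusted ACK: record the lease
                self.bindings[mac] = (yiaddr, self.pending.pop(mac))
            return "forward"
        self.pending[mac] = port                     # client message
        return "forward-to-trusted"

def build(mtype, mac, yiaddr="0.0.0.0"):
    """Construct a minimal DHCP payload (sample data for this example)."""
    hdr = bytearray(236)
    hdr[0] = 2 if mtype in SERVER_TYPES else 1       # op: BOOTREPLY / BOOTREQUEST
    hdr[1], hdr[2] = 1, 6                            # Ethernet, 6-byte MAC
    hdr[16:20] = ipaddress.IPv4Address(yiaddr).packed
    hdr[28:34] = bytes.fromhex(mac.replace(":", ""))
    return bytes(hdr) + MAGIC + bytes([53, 1, mtype, 255])
```

Feeding it an OFFER or ACK from the assumed AR2 port returns "drop", while the same message types arriving on GigabitEthernet0/0/1 are forwarded and the ACK populates the binding table.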
Author: Zleoco. If you repost this article, please credit the source: https://www.zleoco.com/?p=1933