黑龙江信息港
科技
当前位置:首页 > 科技

方案解決IP地址沖突的完善方法

发布时间:2019-05-03 10:27:56 编辑:笔名

使用的方法是采取DHCP方式為用戶分配IP,然后限定這些用戶只能使用動態IP的方式,如果改成靜態IP的方式則不能連接上絡;也就是使用了DHCP SNOOPING功能。

例子:

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service compress-config

!

hostname C_4506

!

enable password xxxxxxx!

clock timezone GMT 8

ip subnet-zero

no ip domain-lookup

!

ip dhcp snooping vlan // 对哪些VLAN 进行限制

ip dhcp snooping

ip arp inspection vlan

ip arp inspection validate src-mac dst-mac ip

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause security-violation

errdisable recovery cause channel-misconfig

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery cause l2ptguard

errdisable recovery cause psecure-violation

errdisable recovery cause gbic-invalid

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause unicast-flood

errdisable recovery cause vmps

errdisable recovery cause arp-inspection

errdisable recovery interval 30

spanning-tree extend system-id

!

!

interface GigabitEthernet2/1 // 对该端口接入的用户进行限制,可以下联交换机

ip arp inspection limit rate 100

arp timeout 2

ip dhcp snooping limit rate 100

!

interface GigabitEthernet2/2

ip arp inspection limit rate 100

arp timeout 2

ip dhcp snooping limit rate 100

!

interface GigabitEthernet2/3

ip arp inspection limit rate 100

arp timeout 2

ip dhcp snooping limit rate 100

!

interface GigabitEthernet2/4

ip arp inspection limit rate 100

arp timeout 2

ip dhcp snooping limit rate 100

注:DHCP Snooping

DAI,Dynamic ARP Inspection

IP Source Guard

DHCP Interface Tracker (Option 82)

装备局限很大,3550---4000系列之间能用,用来防止基于内部的2层攻击,同一VLAN避免私自建立DHCP SERVER

北理工一大学生坠楼身亡事件原因尚在调查
成都1岁男童捡食琵琶误吞电池食道被烧穿
未来3天南方降雨持续北方局部有6级大风