解決IP地址沖突的完美方法

發(fā)布時間:2006/12/16 21:54:00
使用的方法是采用DHCP方式為用戶分配IP,然后限定這些用戶只能使用動態(tài)IP的方式,如果改成靜態(tài)IP的方式則不能連接上網(wǎng)絡(luò);也就是使用了DHCP SNOOPING功能。
例子:

    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service compress-config
    !
    hostname C4-2_4506
    !
    enable password xxxxxxx!
    clock timezone GMT 8
    ip subnet-zero


    no ip domain-lookup
    !
    ip dhcp snooping vlan 180-181 // 對哪些VLAN 進(jìn)行限制
    ip dhcp snooping
    ip arp inspection vlan 180-181
    ip arp inspection validate src-mac dst-mac ip
    errdisable recovery cause udld
    errdisable recovery cause bpduguard
    errdisable recovery cause security-violation
    errdisable recovery cause channel-misconfig
    errdisable recovery cause pagp-flap
    errdisable recovery cause dtp-flap
    errdisable recovery cause link-flap
    errdisable recovery cause l2ptguard
    errdisable recovery cause psecure-violation
    errdisable recovery cause gbic-invalid
    errdisable recovery cause dhcp-rate-limit
    errdisable recovery cause unicast-flood
    errdisable recovery cause vmps
    errdisable recovery cause arp-inspection
    errdisable recovery interval 30
    spanning-tree extend system-id
    !
    !

    interface GigabitEthernet2/1 // 對該端口接入的用戶進(jìn)行限制,可以下聯(lián)交換機(jī)
    ip arp inspection limit rate 100
    arp timeout 2
    ip dhcp snooping limit rate 100
    !

    interface GigabitEthernet2/2
    ip arp inspection limit rate 100
    arp timeout 2
    ip dhcp snooping limit rate 100
    !

    interface GigabitEthernet2/3
    ip arp inspection limit rate 100
    arp timeout 2
    ip dhcp snooping limit rate 100
    !

    interface GigabitEthernet2/4
    ip arp inspection limit rate 100
    arp timeout 2
    ip dhcp snooping limit rate 100

    注:DHCP Snooping 

    DAI,Dynamic ARP Inspection

    IP Source Guard

    DHCP Interface Tracker (Option 82)

    設(shè)備局限很大,3550-4000系列之間能用,用來防止基于內(nèi)部的2層攻擊,同一VLAN防止私自建立DHCP SERVER。



Copyright© 2004-2020 河南海騰電子技術(shù)有限公司 版權(quán)所有   經(jīng)營性ICP/ISP證 備案號:B1-20180452   豫公網(wǎng)安備 41019702002018號    電子營業(yè)執(zhí)照