华为dhcp涉及的所有内容(中继、防中间人arp、防ip仿冒等)

2023-12-28 10:37:31

在这里插入图片描述

R1

dhcp enable

ip pool test
gateway-list 192.168.0.1
network 192.168.0.0 mask 255.255.255.0
static-bind ip-address 192.168.0.88 mac-address 5489-986e-358e
excluded-ip-address 192.168.0.100
dns-list 114.114.114.114

ip pool test2
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0

interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.255.255.0
dhcp select global

ip route-static 192.168.0.0 255.255.255.0 10.0.0.2
ip route-static 192.168.1.0 255.255.255.0 10.0.0.2

R2

dhcp enable

interface GigabitEthernet0/0/0
ip address 10.0.0.2 255.255.255.0

interface GigabitEthernet0/0/1
ip address 192.168.0.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.0.1 //开上中继

interface GigabitEthernet0/0/2
ip address 192.168.1.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.0.1 //开上中继

R3

interface GigabitEthernet0/0/0
ip address 172.16.0.1 255.255.255.0
dhcp select interface

交换机

dhcp enable //开启dhcp

dhcp snooping enable //防私接路由
arp dhcp-snooping-detect enable //部署DAI防中间人arp攻击
user-bind static ip-address 192.168.0.100 mac-address 5489-9833-17bf interface G
igabitEthernet0/0/4 vlan 1 //部署DAI防中间人arp攻击

vlan 1
dhcp snooping enable //防私接路由
dhcp snooping trusted interface GigabitEthernet0/0/1 //防私接路由
arp anti-attack check user-bind enable //部署DAI防中间人arp攻击 ,不在vlan在接口下配置也可以

interface GigabitEthernet0/0/2
ip source check user-bind enable //防假冒IP欺骗攻击,在vlan下配置也可以
ip source check user-bind alarm enable //防假冒IP欺骗攻击
ip source check user-bind alarm threshold 100 //防假冒IP欺骗攻击

interface GigabitEthernet0/0/3
ip source check user-bind enable //防假冒IP欺骗攻击
ip source check user-bind alarm enable //防假冒IP欺骗攻击
ip source check user-bind alarm threshold 100 //防假冒IP欺骗攻击

interface GigabitEthernet0/0/4
ip source check user-bind enable //防假冒IP欺骗攻击
ip source check user-bind alarm enable //防假冒IP欺骗攻击
ip source check user-bind alarm threshold 100 //防假冒IP欺骗攻击

interface GigabitEthernet0/0/5
ip source check user-bind enable //防假冒IP欺骗攻击
ip source check user-bind alarm enable //防假冒IP欺骗攻击
ip source check user-bind alarm threshold 100 //防假冒IP欺骗攻击

查看dhcp snoop用户情况
在这里插入图片描述
手动dhcp snoop中绑定手动IP的电脑:
user-bind static ip-address 192.168.0.100 mac-address 5489-9833-17BF interface GigabitEthernet 0/0/4 vlan 1
完成后查看
在这里插入图片描述

文章来源:https://blog.csdn.net/ydaxia110/article/details/135239512
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。