快压

当前位置:首页 > 电脑技巧 > 正文

解决 IP 地址冲突de完美方法

浏览次数:|更新日期:2014年11月12日

  Q:
  A:使用的方法是采用DHCP方式为用户分配IP,然后限定这些用户只能使用动态IP的方式,如果改成静态IP的方式则不能连接上网络;也就是使用了DHCP SNOOPING功能。
  例子:
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  service compress-config
  !
  hostname C4-2_4506
  !
  enable password xxxxxxx!
  clock timezone GMT 8
  ip subnet-zero
  no ip domain-lookup
  !
  ip dhcp snooping vlan 180-181 // 对哪些VLAN 进行限制
  ip dhcp snooping
  ip arp inspection vlan 180-181
  ip arp inspection validate src-mac dst-mac ip
  errdisable recovery cause udld
  errdisable recovery cause bpduguard
  errdisable recovery cause security-violation
  errdisable recovery cause channel-misconfig
  errdisable recovery cause pagp-flap
  errdisable recovery cause dtp-flap
  errdisable recovery cause link-flap
  errdisable recovery cause l2ptguard
  errdisable recovery cause psecure-violation
  errdisable recovery cause gbic-invalid
  errdisable recovery cause dhcp-rate-limit
  errdisable recovery cause unicast-flood
  errdisable recovery cause vmps
  errdisable recovery cause arp-inspection
  errdisable recovery interval 30
  spanning-tree extend system-id
  !
  !
  interface GigabitEthernet2/1 // 对该端口接入的用户进行限制,可以下联交换机
  ip arp inspection limit rate 100
  arp timeout 2
  ip dhcp snooping limit rate 100
  !
  interface GigabitEthernet2/2
  ip arp inspection limit rate 100
  arp timeout 2
  ip dhcp snooping limit rate 100
  !
  interface GigabitEthernet2/3
  ip arp inspection limit rate 100
  arp timeout 2
  ip dhcp snooping limit rate 100
  !
  interface GigabitEthernet2/4
  ip arp inspection limit rate 100
  arp timeout 2
  ip dhcp snooping limit rate 100
  注:DHCP Snooping
  DAI,Dynamic ARP Inspection
  IP Source Guard
  DHCP Interface Tracker (Option 82)
  设备局限很大,3550—4000系列之间能用,用来防止基于内部的2层攻击,同一VLAN防止私自建立DHCP SERVER