C3560 ip dhcp snooping: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
Строка 107: | Строка 107: | ||
<PRE> |
<PRE> |
||
+ | interface GigabitEthernet0/5 |
||
+ | switchport access vlan 3003 |
||
+ | switchport trunk encapsulation dot1q |
||
+ | switchport trunk native vlan 3100 |
||
+ | switchport trunk allowed vlan 3100 |
||
+ | switchport mode trunk |
||
+ | spanning-tree bpdufilter enable |
||
+ | ip dhcp snooping trust |
||
+ | end |
||
+ | </PRE> |
||
+ | |||
+ | |||
+ | <PRE> |
||
+ | interface GigabitEthernet0/7 |
||
+ | switchport access vlan 3003 |
||
+ | switchport mode access |
||
+ | spanning-tree bpdufilter enable |
||
+ | end |
||
</PRE> |
</PRE> |
||
Версия 14:22, 29 ноября 2022
ip dhcp snoopping
Минимальный конфиг - L2
- Все в одном Vlan
ip dhcp snooping trust
на порту куда включен сервер- Глобально
ip dhcp snooping vlan 3003
ip dhcp snooping
Клиентский порт
interface GigabitEthernet0/7 switchport access vlan 3003 switchport mode access spanning-tree bpdufilter enable end
Порт куда включен DHCP Server
interface GigabitEthernet0/5 switchport access vlan 3003 switchport mode access spanning-tree bpdufilter enable ip dhcp snooping trust end
sh ip dhcp snooping
sh ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: 3003 DHCP snooping is operational on following VLANs: 3003 Smartlog is configured on following VLANs: none Smartlog is operational on following VLANs: none DHCP snooping is configured on the following L3 Interfaces: Insertion of option 82 is enabled circuit-id default format: vlan-mod-port remote-id: 0026.5218.4900 (MAC) Option 82 on untrusted port is not allowed Verification of hwaddr field is enabled Verification of giaddr field is enabled DHCP snooping trust/rate is configured on the following Interfaces: Interface Trusted Allow option Rate limit (pps) ----------------------- ------- ------------ ---------------- GigabitEthernet0/5 yes yes unlimited Custom circuit-ids:
show ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- B8:27:EB:51:D8:A4 10.2.1.2 62 dhcp-snooping 3003 GigabitEthernet0/7 Total number of bindings: 1
snooping + relay + ip unnumbered
- Влан клиентов (в примере 3003) терменируется на свитче
- Настроен IP unnumbered Loopback110
- Влан 3100 заведен со свитча на dhcp server и используется для пересылки запросов к серверу
interface Vlan3003 ip unnumbered Loopback110 ip helper-address 172.31.11.1 end
interface Vlan3100 ip dhcp relay information trusted ip address 172.31.11.2 255.255.255.0 ip helper-address 172.31.11.2 end
interface Loopback110 ip address 10.3.0.1 255.255.255.0 secondary ip address 10.4.0.1 255.255.255.0 secondary ip address 10.2.0.1 255.255.0.0 ip helper-address 172.31.11.1 end
interface GigabitEthernet0/5 switchport access vlan 3003 switchport trunk encapsulation dot1q switchport trunk native vlan 3100 switchport trunk allowed vlan 3100 switchport mode trunk spanning-tree bpdufilter enable ip dhcp snooping trust end
interface GigabitEthernet0/7 switchport access vlan 3003 switchport mode access spanning-tree bpdufilter enable end