使用DHCP snooping 功能防止DHCP Server仿冒者攻击(华为交换机)

在全局视图和VLAN视图下使能DHCP Snooping。
[Quidway]dhcp enable
[Quidway]dhcp snooping enable
[Quidway]vlan 11
[Quidway-vlan11]dhcp snooping enable
配置端口vlan
[Quidway]interface Ethernet 0/0/1
[Quidway-Ethernet0/0/1]port default vlan 11
[Quidway]interface Ethernet 0/0/2
[Quidway-Ethernet0/0/1]port default vlan 11
在网络侧接口上配置Trusted模式
[Quidway]vlan 11
[Quidway-vlan11]dhcp snooping trusted interface Ethernet 0/0/1
[Quidway-vlan11]dhcp  option82 rebuild enable interface Ethernet 0/0/1 to 0/0/2
配置在用户侧的接口进行报文检查
[Quidway-Ethernet0/0/2]dhcp snooping check dhcp-request enable
[Quidway-Ethernet0/0/2]dhcp snooping check dhcp-chaddr enable
[Quidway-Ethernet0/0/2]dhcp snooping check dhcp-rate enable
配置强制插入Option82选项
[Quidway]vlan 11
[Quidway-vlan11]dhcp  option82 rebuild enable interface Ethernet 0/0/1 to 0/0/2

你可能感兴趣的:(DHCP,Snooping,仿冒者攻击)