《交换机阻止不信任的dhcp》

一、使用场景举例

二、配置原理说明

• 在连接PC的端口开启 dhcp snooping 检测
• 在trunk 接口信任 DHCP snooping

三、PE1 交换机配置

<HUAWEI> system-view
#
#全局配置                                                                               
dhcp snooping enable ipv4                                                            
dhcp snooping check dhcp-rate enable                                            
dhcp snooping check dhcp-rate 90                                                
dhcp snooping alarm dhcp-rate enable                                            
dhcp snooping alarm dhcp-rate threshold 80                                      
dhcp snooping over-vpls enable                                      
#
#连接电脑的端口开启dhcp snooping 检测                                                                               
interface range GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2                                        
 dhcp snooping enable                                                          
 dhcp snooping check dhcp-giaddr enable  
 dhcp snooping check dhcp-request enable                                           
 dhcp snooping alarm dhcp-request enable                                           
 dhcp snooping alarm dhcp-request threshold 120                                    
 dhcp snooping check dhcp-chaddr enable                                         
 dhcp snooping alarm dhcp-chaddr enable                                         
 dhcp snooping alarm dhcp-chaddr threshold 120                                  
 dhcp snooping alarm dhcp-reply enable                                       
 dhcp snooping alarm dhcp-reply threshold 120                                  
 dhcp snooping max-user-number 20
 exit
#        

#trunk 接口信任                                                                       
interface GigabitEthernet0/0/3                                                  
 dhcp snooping trusted                                                          
#