In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Allocation idea
1. Enable DHCP Snooping function.
two。 Configure the trust status of the interface to ensure that the client obtains an IP address from a legitimate server.
3. Enable the linkage function of ARP and DHCPSnooping to ensure that DHCP users update the binding table in real time when they are offline abnormally.
4. Enables the static MAC entry function of the interface to be generated based on the DHCP Snooping binding table to prevent non-DHCP users.
5. Enables the function of binding table matching check on DHCP messages to prevent counterfeiting of DHCP messages.
6. Configure the maximum allowable rate of sending DHCP messages to the DHCP message processing unit to prevent DHCP packets from flooding.
7. Configure the maximum number of users allowed to access and enable DHCP Request detection
Operation steps
1. Enable DHCP Snooping function.
[SwitchC] dhcp enable
[SwitchC] dhcp snooping enable
two。 Enable the DHCP Snooping function of the user side interface.
[SwitchC] dhcp snooping enable vlan 1 to 100 (or directly enable the following on the interface)
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] dhcp snooping enable
3. Configure the trust status of the interface: configure the interface status that connects to the DHCP Server to "Trusted". The port connected to dhcp and the switch cascade port need to be configured
[SwitchC] interface gigabitethernet 0/0/3
[SwitchC-GigabitEthernet0/0/3] dhcp snooping trusted
4. Enable the linkage function of ARP and DHCPSnooping.
[SwitchC] arp dhcp-snooping-detect enable
5. Enables the function of binding table matching checking on DHCP messages.
[SwitchC] interface gigabitethernet0/0/1
[SwitchC-GigabitEthernet0/0/1] dhcp snooping check dhcp-request enable
6. Configure the maximum allowable rate of the DHCP message processing unit for sending DHCP messages to 10pps.
[SwitchC] dhcp snooping check dhcp-rate enable
[SwitchC] dhcp snooping check dhcp-rate 10
7. Configure the maximum number of users allowed to access the interface.
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] dhcp snooping max-user-number 2
8. Configure discarding message alarm and message speed limit alarm function.
# enables the discarding message alarm function and configures the discarding message alarm threshold. Take the GE0/0/1 interface as an example, the configuration of GE0/0/2 is the same
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC] dhcp snooping alarm dhcp-rate enable
[SwitchC] dhcp snooping alarm dhcp-rate threshold 10
[SwitchC] dhcp snooping check user-bind enable
[SwitchC] the function of dhcp snooping check mac-address enable to check the MAC address in the DHCPRequest header
Verify the configuration result
Display dhcp snooping configuration views the configuration information for DHCP Snooping.
Display dhcp snooping interface views the running information of DHCP Snooping under the API.
Reset dhcpsnooping user-bind vlan | interface | * reset the DHCPSnooping binding table
Dhcp snoopinguser-bind autosave file-name backs up the DHCPSnooping binding table.
Arp anti-attackcheck user-bind enable
Arp anti-attackcheck user-bind alarm enable
Arp anti-attackcheck user-bind alarm threshold 10
Arp anti-attackcheck user-bind check-item mac-address
Ip source checkuser-bind enable enables ip source guard
Ip source checkuser-bind check-item {ip-address | mac-address | vlan} * configure IP message check item
Ip source checkuser-bind alarm enable enables IP message check alarm function.
Ip source checkuser-bind alarm threshold threshold configures the IP message check alarm threshold of 100 by default.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.