
DHCP Snooping experiment

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/01

Experiment 3: DHCP Snooping

1. Create VLAN 10 on SW1 and SW2. The ports are assigned to VLAN 10, which uses the 10.1.1.0/24 network segment.

2. Between the switches, Fa0/24 is shut down and Fa0/23 is configured as a trunk.

3. R4 simulates the legitimate DHCP server; complete the DHCP server configuration on R4.

4. R3 simulates an illegitimate (rogue) DHCP server; complete the DHCP server configuration on R3.

5. Set R1's interface IP to be obtained via DHCP, and check which DHCP server answered with show dhcp lease.

6. Enable DHCP snooping on SW1 and configure it correctly to resolve this problem. Understand the difference between trusted and untrusted ports in DHCP snooping. View the DHCP snooping binding table on SW1.

7. Understand Option 82.

8. With DHCP rate limiting, the Fa0/1 interface of SW1 can receive at most 5 DHCP packets per second.

Configuration of R1

R1(config)# int f0/0

R1(config-if)# ip add dhcp

R1(config-if)# no sh

Configuration of R3

R3(config)# int f0/0

R3(config-if)# ip add 10.1.1.3 255.255.255.0

R3(config-if)# no sh

R3(config)# ip dhcp pool ccie

R3(dhcp-config)# network 10.1.1.0 255.255.255.0

R3(config)# ip dhcp excluded-address 10.1.1.1 10.1.1.50

Configuration of R4

R4(config)# int e0/0

R4(config-if)# ip add 10.1.1.4 255.255.255.0

R4(config-if)# no sh

R4(config)# ip dhcp pool wolf

R4(dhcp-config)# network 10.1.1.0 255.255.255.0

R4(config)# ip dhcp excluded-address 10.1.1.1 10.1.1.100

Configuration of SW1

SW1(config)# vlan 10

SW1(config)# int range f0/1 - 3

SW1(config-if-range)# switchport mode access

SW1(config-if-range)# switchport access vlan 10

SW1(config)# int f0/24

SW1(config-if)# shut

SW1(config)# int f0/23

SW1(config-if)# switchport trunk encapsulation dot1q

SW1(config-if)# switchport mode trunk

Configuration of SW2

SW2(config)# vlan 10

SW2(config)# int e0/4

SW2(config-if)# switchport mode access

SW2(config-if)# switchport access vlan 10

R1#sh dhcp lease

Temp IP addr: 10.1.1.51 for peer on Interface: FastEthernet0/0

Temp sub net mask: 255.255.255.0

DHCP Lease server: 10.1.1.3, state: 3 Bound

DHCP transaction id: 12B7

Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs

Next timer fires after: 11:59:37

Retry count: 0 Client-ID: cisco-0002.4b1e.efe0-Fa0/0

# # #

SW1(config)# ip dhcp snooping // enable the DHCP snooping feature

SW1(config)# ip dhcp snooping vlan 10

SW1(config)# int f0/23

SW1(config-if)# ip dhcp snooping trust

SW1(config)# no ip dhcp snooping information option // disable Option 82 insertion

Or: R4(config)# ip dhcp relay information trust-all // on the DHCP server

// A switch with DHCP snooping enabled inserts Option 82 into DHCP Discover messages. By default the router acting as DHCP server does not trust such messages, so either disable Option 82 insertion on the switch or trust it on the server.

SW1#sh ip dhcp snooping

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

10

DHCP snooping is operational on following VLANs:

10

Smartlog is configured on following VLANs:

None

Smartlog is operational on following VLANs:

None

DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled

Circuit-id default format: vlan-mod-port

Remote-id: 0026.997e.1280 (MAC)

Option 82 on untrusted port is not allowed

Verification of hwaddr field is enabled

Verification of giaddr field is enabled

DHCP snooping trust/rate is configured on the following Interfaces:

Interface            Trusted    Allow option    Rate limit (pps)
FastEthernet0/23     yes        yes             unlimited

SW1#sh ip dhcp snooping binding

MacAddress           IpAddress     Lease (sec)   Type            VLAN   Interface
------------------   ----------    -----------   -------------   ----   ---------------
00:02:4B:1E:EF:E0    10.1.1.103    86108         dhcp-snooping   10     FastEthernet0/1

Total number of bindings: 1

SW1(config)# int f0/1

SW1(config-if)# ip dhcp snooping limit rate 5 // accept at most 5 DHCP packets per second
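
The trusted/untrusted decision, the binding table and the rate limit configured above, as a simplified Python model. This is an example added here, not code from the original page and not Cisco's implementation. The class and function names and R3's port Fa0/3 are assumptions, and the packet sequence is constructed.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these

@dataclass
class SnoopingSwitch:
    """Simplified model of DHCP snooping on one VLAN (not Cisco's code)."""
    trusted: set                                    # e.g. {"Fa0/23"}
    rate_limit: dict = field(default_factory=dict)  # port -> max DHCP packets/sec
    bindings: dict = field(default_factory=dict)    # client MAC -> (IP, port)
    disabled: set = field(default_factory=set)      # err-disabled ports
    _client_port: dict = field(default_factory=dict)
    _count: dict = field(default_factory=dict)      # (port, second) -> packets

    def receive(self, port, msg, mac, ip=None, second=0):
        """Return the action taken for one DHCP packet arriving on `port`."""
        if port in self.disabled:
            return "drop"
        self._count[(port, second)] = self._count.get((port, second), 0) + 1
        limit = self.rate_limit.get(port)
        if limit is not None and self._count[(port, second)] > limit:
            self.disabled.add(port)                 # rate exceeded
            return "err-disable"
        if port not in self.trusted:
            if msg in SERVER_MSGS:
                return "drop"                       # server reply on untrusted port
            self._client_port[mac] = port           # remember the client's port
        elif msg == "ACK" and mac in self._client_port:
            self.bindings[mac] = (ip, self._client_port[mac])
        return "forward"

def run_lab():
    """Replay the lab: R1 on Fa0/1, R4 behind trunk Fa0/23, R3 on Fa0/3 (assumed)."""
    sw1 = SnoopingSwitch(trusted={"Fa0/23"}, rate_limit={"Fa0/1": 5})
    r1 = "00:02:4B:1E:EF:E0"
    log = [
        sw1.receive("Fa0/1", "DISCOVER", r1),
        sw1.receive("Fa0/3", "OFFER", r1, "10.1.1.51"),    # R3, untrusted
        sw1.receive("Fa0/23", "OFFER", r1, "10.1.1.103"),  # R4, trusted
        sw1.receive("Fa0/1", "REQUEST", r1),
        sw1.receive("Fa0/23", "ACK", r1, "10.1.1.103"),
    ]
    # Constructed input: 6 packets in one second on Fa0/1 (limit is 5).
    burst = [sw1.receive("Fa0/1", "DISCOVER", r1, second=1) for _ in range(6)]
    return sw1, log, burst

if __name__ == "__main__":
    sw1, log, burst = run_lab()
    print(log, sw1.bindings, burst[-1], sep="\n")
```

The resulting binding matches the single entry in the show ip dhcp snooping binding output, and the sixth packet in one second puts Fa0/1 into the err-disabled state.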
