waid 发表于 2018-7-10 08:54:46

cisco dhcp

dhcp  中继
  service dhcp

  ip dhcp>  ip routing
  int vlan 1
  ip helper-address XXXX
  server
  service dhcp

  ip dhcp>  ip dhcp pool pool
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
  exit
  ip dhcp excluded-address 192.168.1.1 192.168.1.30
  交换网络中的DHCP***与防范
  (1)DHCP server的冒充
  (2)DHCP server的DoS***
  (3)静态指定IP地址的问题
  防范
  (1)port security
  switchport port-security maximun X(没有为一台)
  switchport port-security mac-address sticky(粘,可静态绑)
  switchport port-security violation {protect/restrict/shutdown}
  (2)dhcp snooping
  将交换机端口分为trust、untrust端口,交换机会侦听来自untrust端口的每个dhcp包的内容,untrust端
页: [1]
查看完整版本: cisco dhcp