1、Dynamic ARP Inspection解析
结合DHCP Snooping,当配置了Dynamic ARP Inspection的交换机untrusted接口收到ARP信息后,交换机首先检查dhcp snooping binding,如果发现与绑定条目不一致,就丢弃收到的数据包。
2、实验拓扑
3、基础配置
IOU3配置
no ip routing
ip dhcp pool pool3
network 3.3.3.0 255.255.255.0
interface Ethernet0/0
ip address 3.3.3.3 255.255.255.0
IOU4配置
no ip routing
ip dhcp pool pool4
network 4.4.4.0 255.255.255.0
interface Ethernet0/0
ip address 4.4.4.4 255.255.255.0
IOU5配置
interface Ethernet0/0
ip address dhcp
4、DHCP Snooping配置
IOU1配置
ip dhcp snooping vlan 1
ip dhcp snooping
interface Ethernet0/1
ip dhcp snooping trust
interface Ethernet0/2
ip dhcp snooping trust
IOU2配置
ip dhcp snooping vlan 1
ip dhcp snooping
interface Ethernet0/2
ip dhcp snooping trust
IOU3配置
ip dhcp relay information trust-all
IOU4配置
ip dhcp relay information trust-all
5、Dynamic ARP Inspection配置
IOU1配置
ip arp inspection vlan 1
interface Ethernet0/1
ip arp inspection trust
interface Ethernet0/2
ip arp inspection trust
IOU2配置
ip arp inspection vlan 1
interface Ethernet0/2
ip arp inspection trus
本文转自开源殿堂 51CTO博客,原文链接:http://blog.51cto.com/kaiyuandiantang/1734179,如需转载请自行联系原作者
