
A Perfect Solution to IP Address Conflicts

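The approach is to assign IP addresses to users through DHCP and then restrict those users to dynamically assigned addresses only: if a user switches to a static IP address, they can no longer connect to the network. In other words, it uses the DHCP snooping feature.
Example: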
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c4-2_4506
!
enable password xxxxxxx!
clock timezone gmt 8
ip subnet-zero


no ip domain-lookup
!
! VLANs on which the restriction is enforced
ip dhcp snooping vlan 180-181
ip dhcp snooping
ip arp inspection vlan 180-181
ip arp inspection validate src-mac dst-mac ip

errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause gbic-invalid
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause unicast-flood
errdisable recovery cause vmps
errdisable recovery cause arp-inspection
errdisable recovery interval 30
spanning-tree extend system-id
!
!

! Restricts the users connected through this port; a downstream switch may be attached to it
interface gigabitethernet2/1
ip arp inspection limit rate 100
arp timeout 2
ip dhcp snooping limit rate 100
!


interface gigabitethernet2/2
ip arp inspection limit rate 100
arp timeout 2
ip dhcp snooping limit rate 100
!
interface gigabitethernet2/3
ip arp inspection limit rate 100
arp timeout 2
ip dhcp snooping limit rate 100
!
interface gigabitethernet2/4
ip arp inspection limit rate 100
arp timeout 2
ip dhcp snooping limit rate 100
Note: DHCP snooping

DAI (dynamic ARP inspection)

ip source guard

dhcp interface tracker (option 82)

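Device support is very limited: this works only on the 3550 through 4000 series. It is used to prevent Layer 2 attacks originating inside the network and to stop anyone from setting up an unauthorized DHCP server in the same VLAN.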
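
A statically configured host loses connectivity under the configuration above because dynamic ARP inspection drops ARP packets whose sender IP/MAC pair has no entry in the DHCP snooping binding table. The following Python model of that decision is an added example, not part of the original article and not Cisco's implementation; it is simplified (bindings keyed on VLAN and IP only, MACs assumed lowercase), and every address in it is constructed.

```python
# Simplified model of the DAI decision on an untrusted port (added example).
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class Arp:
    vlan: int
    eth_src: str     # source MAC in the Ethernet header
    eth_dst: str     # destination MAC in the Ethernet header
    is_reply: bool
    sender_mac: str  # remaining fields come from the ARP body
    sender_ip: str
    target_mac: str
    target_ip: str

def bad_ip(ip):
    a = IPv4Address(ip)
    return str(a) in ("0.0.0.0", "255.255.255.255") or a.is_multicast

def inspect(pkt, bindings, dai_vlans):
    """Return 'forward' or 'drop: <reason>' for an ARP packet from an untrusted port."""
    if pkt.vlan not in dai_vlans:
        return "forward"  # DAI is not enabled on this VLAN
    # Checks enabled by: ip arp inspection validate src-mac dst-mac ip
    if pkt.eth_src != pkt.sender_mac:
        return "drop: src-mac"
    if pkt.is_reply and pkt.eth_dst != pkt.target_mac:
        return "drop: dst-mac"  # dst-mac applies to ARP replies only
    if bad_ip(pkt.sender_ip) or (pkt.is_reply and bad_ip(pkt.target_ip)):
        return "drop: ip"
    # The sender IP/MAC pair must match a lease recorded by DHCP snooping.
    if bindings.get((pkt.vlan, pkt.sender_ip)) != pkt.sender_mac:
        return "drop: no matching DHCP snooping binding"
    return "forward"

# Constructed sample data: one lease learned by DHCP snooping in VLAN 180.
BINDINGS = {(180, "10.1.180.20"): "00:11:22:33:44:55"}
DAI_VLANS = set(range(180, 182))  # vlan 180-181, as in the configuration
BCAST, ZERO, GW = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00", "10.1.180.1"

def demo():
    leased = "00:11:22:33:44:55"   # host that obtained its address through DHCP
    manual = "00:aa:bb:cc:dd:ee"   # host with a manually configured address
    packets = [
        Arp(180, leased, BCAST, False, leased, "10.1.180.20", ZERO, GW),
        Arp(180, manual, BCAST, False, manual, "10.1.180.99", ZERO, GW),  # unused static IP
        Arp(180, manual, BCAST, False, manual, "10.1.180.20", ZERO, GW),  # conflicting static IP
    ]
    return [inspect(p, BINDINGS, DAI_VLANS) for p in packets]
```

Only the first request in demo() is forwarded; both static-address requests are dropped for lack of a binding, so the conflicting claim never reaches the other hosts in the VLAN.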

© 2006   www.java-asp.net