此配置須要在接入層作,dhcp snooping的做用是將全部接口設置成非信任接口,達到防止dhcp的欺騙
此功能只在接入層部署,同時上聯口須要配置爲信任接口(dhcp snooping trusted)
1-F-SW2
sysname 1-F-SW2 # undo info-center enable # vlan 8 #全局下開啓DHCP dhcp enable #全局下開啓dhcp snooping dhcp snooping enable #針對vlan開啓dhcp snooping vlan 8 dhcp snooping enable # interface Ethernet0/0/1 port link-type access port default vlan 8 #將上鍊接口配置爲信任接口 interface Ethernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 8 dhcp snooping trusted # interface Ethernet0/0/4 port link-type access port default vlan 8 # return
2-F-SW2
sysname 2-F-SW2 # undo info-center enable # vlan 9 # dhcp enable # dhcp snooping enable # vlan 9 dhcp snooping enable # interface Ethernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 9 dhcp snooping trusted # interface Ethernet0/0/2 port link-type access port default vlan 9 # return