
此配置須要在接入層作,dhcp snooping的做用是將全部接口設置成非信任接口,達到防止dhcp的欺騙
此功能只在接入層部署,同時上聯口須要配置爲信任接口(dhcp snooping trusted)
1-F-SW2
sysname 1-F-SW2
#
undo info-center enable
#
vlan 8
#全局下開啓DHCP
dhcp enable
#全局下開啓dhcp snooping
dhcp snooping enable
#針對vlan開啓dhcp snooping
vlan 8
dhcp snooping enable
#
interface Ethernet0/0/1
port link-type access
port default vlan 8
#將上鍊接口配置爲信任接口
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 8
dhcp snooping trusted
#
interface Ethernet0/0/4
port link-type access
port default vlan 8
#
return
2-F-SW2
sysname 2-F-SW2
#
undo info-center enable
#
vlan 9
#
dhcp enable
#
dhcp snooping enable
#
vlan 9
dhcp snooping enable
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 9
dhcp snooping trusted
#
interface Ethernet0/0/2
port link-type access
port default vlan 9
#
return