ENSP:DHCP全局+动态IP与MAC绑定-Toy模板网

这篇具有很好参考价值的文章主要介绍了ENSP:DHCP全局+动态IP与MAC绑定。希望对大家有所帮助。如果存在错误或未考虑完全的地方，请大家不吝赐教，您也可以点击"举报违法"按钮提交疑问。

IP与MAC绑定的好处：不能随意修改IP，避免IP冲突；

保护网络安全，减少ARP攻击；

保证用户合法IP不会被盗用以及滥用；

一台设备只能够固定一个。

ensp手动绑定mac地址,dhcp,MAC与IP,网络

LSW3

#
dhcp enable
#
ip pool vlan10
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
ip pool vlan20
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select global
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#

LSW1与LSW2

#
vlan batch 10
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
  


#
vlan batch 20
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#

查看PC1与PC2的地址获取情况

ensp手动绑定mac地址,dhcp,MAC与IP,网络

在LSW3交换机上再配置动态IP与MAC地址绑定

[Huawei]dhcp enable #使能DHCP
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]dhcp snooping enable  #开启了DHCP Snooping的设备将用户（DHCP客户端）的DHCP请求报文通过信任接口发送给合法的DHCP服务器
[Huawei]vlan 10	
[Huawei-vlan10]dhcp snooping enable 
[Huawei-vlan10]ip source check user-bind enable #使能IP报文检查功能
Info: Add permit rule for dynamic snooping bind-table, please wait a minute!done
.
[Huawei-vlan10]q
[Huawei]vlan 20
[Huawei-vlan20]dhcp snooping enable 
[Huawei-vlan20]ip source check user-bind enable 
Info: Add permit rule for dynamic snooping bind-table, please wait a minute!done
.
[Huawei-vlan20]q

先把PC停止运行，再启动。

不然交换机没有绑定表。

ensp手动绑定mac地址,dhcp,MAC与IP,网络在LSW3输入命令 DIS DHCP snooping user-bind all