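DHCP Comprehensive Lab
Lab topology diagram
Description
The DHCP service assigns IP addresses to each VLAN as required, and the routers run OSPF among themselves to learn routes dynamically.
Configuration
1. Establish connectivity between the routers' directly connected networks
Running OSPF is sufficient; details omitted.
2. Configure the DHCP service on R1 as required
2.1. Enable the DHCP service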
[R1]dhcp enable
2.2. Configure the address pool
[R1]ip pool vlan1
[R1-ip-pool-vlan1]gateway-list 172.16.1.254
[R1-ip-pool-vlan1]network 172.16.1.0 mask 255.255.255.0
[R1-ip-pool-vlan1]excluded-ip-address 172.16.1.250 172.16.1.253
[R1-ip-pool-vlan1]lease day 3 hour 0 minute 0
[R1-ip-pool-vlan1]dns-list 223.5.5.5
2.3. Configure the interface address and select the DHCP address pool
[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2]ip address 172.16.1.254 255.255.255.0
[R1-GigabitEthernet0/0/2]dhcp select global
2.4. Test whether PC1 and PC2 can obtain IP addresses
3. Configure the DHCP service on R3 as required
3.1. Enable the DHCP server
[R3]dhcp enable
3.2. Configure the DHCP interface
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]ip address 172.16.10.254 255.255.255.0
[R3-GigabitEthernet0/0/2]dhcp select interface
[R3-GigabitEthernet0/0/2]dhcp server excluded-ip-address 172.16.10.250 172.16.10.251
[R3-GigabitEthernet0/0/2]dhcp server lease day 3 hour 0 minute 0
[R3-GigabitEthernet0/0/2]dhcp server dns-list 223.5.5.5 223.6.6.6
3.3. Configure the downstream switch
[SW3]vlan 10
[SW3]port-group group-member GigabitEthernet 0/0/1 Ethernet 0/0/1 to Ethernet 0/0/2
[SW3-port-group]port link-type access
[SW3-port-group]port default vlan 10
3.4. Test that the PCs obtain addresses and can communicate across subnets
4. Configure the DHCP relay service on R4 as required
4.1. Enable DHCP
[R4]dhcp enable
4.2. Configure the DHCP relay
[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2]ip address 172.16.30.254 255.255.255.0
[R4-GigabitEthernet0/0/2]dhcp select relay
[R4-GigabitEthernet0/0/2]dhcp relay server-ip 192.168.0.0
4.3. Configure DHCP on R1
[R1]ip pool vlan30
[R1-ip-pool-vlan30]gateway-list 172.16.30.254
[R1-ip-pool-vlan30]network 172.16.30.0 mask 255.255.255.0
[R1-ip-pool-vlan30]excluded-ip-address 172.16.30.250 172.16.30.253
[R1-ip-pool-vlan30]lease day 3 hour 0 minute 0
[R1-ip-pool-vlan30]dns-list 223.5.5.5 223.6.6.6
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.0.0 255.255.255.254
[R1-GigabitEthernet0/0/0]dhcp select global
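4.4. Test on the PC that it obtains an address and can communicate across subnets
Omitted.
Configure DHCP starvation attack protection
[SW4]dhcp enable
[SW4]dhcp snooping enable
[SW4]interface Ethernet 0/0/1
[SW4-Ethernet0/0/1]dhcp snooping check dhcp-chaddr enable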
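The dhcp-chaddr check above compares the client hardware address (chaddr) inside a DHCP message with the source MAC of the Ethernet frame that carries it. The Python sketch below is an added example, not part of the original lab or of any Huawei code; it reproduces that comparison over constructed untagged frames as seen on a client-facing access port, and the helper names and MAC addresses are assumptions made for illustration.

```python
import struct

def fmt(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(src_mac, chaddr):
    # Constructed sample: untagged Ethernet + IPv4 + UDP + BOOTP request header.
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0,
                        0x8000, b"", b"", b"", b"", chaddr, b"", b"")
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip

def chaddr_mismatch(frame):
    """Return (src_mac, chaddr) when a client DHCP message carries a chaddr
    that differs from the Ethernet source MAC, otherwise None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    bootp = 14 + ihl + 8                  # Ethernet + IP + UDP headers
    if ihl < 20 or frame[23] != 17 or len(frame) < bootp + 236:
        return None
    dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
    op, htype, hlen = frame[bootp], frame[bootp + 1], frame[bootp + 2]
    if dport != 67 or (op, htype, hlen) != (1, 1, 6):
        return None                       # not a client-to-server Ethernet request
    src, chaddr = frame[6:12], frame[bootp + 28:bootp + 34]
    return None if src == chaddr else (fmt(src), fmt(chaddr))

def audit(frames):
    # Frames a chaddr check would drop.
    return [hit for hit in map(chaddr_mismatch, frames) if hit]

# Constructed traffic: one consistent request, then three requests from the
# same port MAC that each claim a different chaddr.
HOST = bytes.fromhex("02aabbcc0001")
SAMPLES = [build_frame(HOST, HOST)] + [
    build_frame(HOST, bytes.fromhex("02deadbe00%02x" % i)) for i in range(3)]

if __name__ == "__main__":
    for src, chaddr in audit(SAMPLES):
        print(f"drop: frame from {src} claims chaddr {chaddr}")
```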
Configure rogue DHCP server attack protection
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]dhcp snooping trusted
Configure man-in-the-middle attack protection
[SW4]arp dhcp-snooping-detect enable