DHCP综合实验

实验架构图

image

描述

通过DHCP服务按照要求给各个VLAN分配IP地址,各路由器之间运行OSPF实现动态路由学习。

配置

1. 打通各个路由器直接网络

运行OSPF即可,忽略

2. 为R1按照要求配置DHCP服务

2.1. 开启DHCP服务

[R1]dhcp enable

2.2. 配置地址池

[R1]ip pool vlan1
[R1-ip-pool-vlan1]gateway-list 172.16.1.254
[R1-ip-pool-vlan1]network 172.16.1.0 mask 255.255.255.0
[R1-ip-pool-vlan1]excluded-ip-address 172.16.1.250 172.16.1.253
[R1-ip-pool-vlan1]lease day 3 hour 0 minute 0
[R1-ip-pool-vlan1]dns-list 223.5.5.5

2.3. 配置接口地址并选择DHCP地址池

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2]ip address 172.16.1.254 255.255.255.0 
[R1-GigabitEthernet0/0/2]dhcp select global

2.4. 在PC1和PC2测试是否可以获取到IP地址

image
image

3. 为R3按照要求配置DHCP服务

3.1. 启动DHCP服务器

[R3]dhcp enable

3.2. 配置DHCP接口

[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]ip address 172.16.10.254 255.255.255.0
[R3-GigabitEthernet0/0/2]dhcp select interface
[R3-GigabitEthernet0/0/2]dhcp server excluded-ip-address 172.16.10.250 172.16.10.251
[R3-GigabitEthernet0/0/2]dhcp server lease day 3 hour 0 minute 0
[R3-GigabitEthernet0/0/2]dhcp server dns-list 223.5.5.5 223.6.6.6

3.3. 配置下联交换机

[SW3]vlan10
[SW3]port-group group-member GigabitEthernet 0/0/1 Ethernet 0/0/1 to Ethernet 0/0/2
[SW3-port-group]port link-type access
[SW3-port-group]port default vlan 10

3.4. 测试PC获取地址和跨网段通信

image

4. 为R4按照要求配置DHCP中继服务

4.1. 开启DHCP

[R4]dhcp enable

4.2. 配置DHCP中继

[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2] ip address 172.16.30.254 255.255.255.0
[R4-GigabitEthernet0/0/2] dhcp select relay
[R4-GigabitEthernet0/0/2] dhcp relay server-ip 192.168.0.0

4.3. 配置R1的DHCP

[R1]ip pool vlan30
[R1-ip-pool-vlan1] gateway-list 172.16.30.254
[R1-ip-pool-vlan1] network 172.16.30.0 mask 255.255.255.0
[R1-ip-pool-vlan1] excluded-ip-address 172.16.30.250 172.16.30.253
[R1-ip-pool-vlan1] lease day 3 hour 0 minute 0
[R1-ip-pool-vlan1] dns-list 223.5.5.5 223.6.6.6
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0] ip address 192.168.0.0 255.255.255.254
[R1-GigabitEthernet0/0/0] dhcp select global

4.4. 在PC测试获取地址和跨网段通信

配置DHCP饿死攻击防护

[SW4]dhcp enable
[SW4]dhcp snooping enable
[SW4-Ethernet0/0/1]dhcp snooping check dhcp-chaddr enable

配置仿冒DHCPServer攻击防护

[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]dhcp snooping trusted

配置中间人攻击防护

[SW4]arp dhcp-snooping-detect enable
posted @ 2025-08-04 19:28  liy36  阅读(8)  评论(0)    收藏  举报