>啟動dhcp snooping:
(config)# ip dhcp snooping
在vlan 1中啟動dhcp snooping,對該vlan作DHCP設限:(vlan可單一or多個)
(config)# ip dhcp snooping vlan 1
dhcp server port / uplink port 設定,對該port作信任設置:
(config-if)# ip dhcp snooping trust
若底下還有設備,設定允許底下的設備通過:
(config)# ip dhcp snooping information option allow-untrusted
針對不信任的port設定封包流量限制:
(config-if-range)# ip dhcp snooping limit rate 1024
實際設定參考:
3750*1
2960*3
3750 設定:
ip dhcp snooping vlan 625,627,632,640,672-673
ip dhcp snooping information option allow-untrusted
ip dhcp snooping
……
interface GigabitEthernet1/0/25
…
ip dhcp snooping trust
2960設定:
ip dhcp snooping vlan 673
ip dhcp snooping
……
interface FastEthernet0/24
……
ip dhcp snooping limit rate 1024
!
…
interface GigabitEthernet0/1
…
ip dhcp snooping trust