{"id":194,"date":"2009-04-30T09:57:38","date_gmt":"2009-04-30T01:57:38","guid":{"rendered":"http:\/\/www.yaoge123.com\/blog\/?p=194"},"modified":"2009-04-30T09:57:38","modified_gmt":"2009-04-30T01:57:38","slug":"%e4%bd%bf%e7%94%a8-dhcp-snooping-%e5%92%8c-dai-%e9%98%b2%e6%ad%a2arp%e6%94%bb%e5%87%bb%e5%92%8c%e7%a7%81%e8%ae%beip%e5%9c%b0%e5%9d%80","status":"publish","type":"post","link":"https:\/\/www.yaoge123.com\/blog\/archives\/194","title":{"rendered":"\u4f7f\u7528 DHCP Snooping \u548c DAI \u9632\u6b62ARP\u653b\u51fb\u548c\u79c1\u8bbeIP\u5730\u5740"},"content":{"rendered":"<p>\u3000\u3000\u4f7f\u7528DHCP Snooping\u9632\u6b62\u79c1\u8bbeDHCP Server\u5e76\u83b7\u5f97MAC-IP-\u7aef\u53e3\u7ed1\u5b9a\u8868\uff0c\u4f7f\u7528DAI\u5bf9\u6240\u6709\u7684ARP\u5305\u8fdb\u884c\u68c0\u67e5\u3002Cisco 6500\u505a\u6838\u5fc3\u65e0\u9700\u7279\u522b\u7684\u914d\u7f6e\uff0c\u5728\u63a5\u5165\u4ea4\u6362\u673a3560\u4e0a\u505a\u5982\u4e0b\u914d\u7f6e\uff1a<br \/>\n<code>!<br \/>\nip dhcp snooping vlan 5-10<\/code> \/\/\u57285-10\u8fd9\u4e9bvlan\u4e0a\u4f7f\u7528DHCP Snooping<br \/>\n<code>no ip dhcp snooping information option<br \/>\nip dhcp snooping database flash:dhcp-snooping.db<\/code><br \/>\n\/\/\u4fdd\u5b58DHCP Snooping\u7684\u7ed1\u5b9a\u8868\uff0c\u5426\u5219\u4ea4\u6362\u673a\u91cd\u542f\u5c06\u4e22\u5931\u7ed1\u5b9a\u8868<br \/>\n<code>ip dhcp snooping <\/code>\/\/\u5f00\u542fDHCP Snooping<br \/>\n<code>ip arp inspection vlan 5-10<\/code><br \/>\n\/\/\u57285-10\u8fd9\u4e9bvlan\u4e0a\u4f7f\u7528Dynamic ARP Inspection<br \/>\n<code>ip arp inspection validate src-mac dst-mac ip<\/code><br \/>\n\/\/\u68c0\u67e5ARP\u5305\u7684\u6e90MAC\u3001\u76ee\u6807MAC\u3001IP\u5730\u5740\u662f\u5426\u7b26\u5408DHCP Snooping\u7684\u7ed1\u5b9a\u8868<br \/>\n<code>ip arp inspection log-buffer entries 1024<\/code> \/\/DAI\u7684\u65e5\u5fd7\u7f13\u51b2\u533a<br \/>\n<code>ip arp inspection log-buffer logs 1 interval 60<\/code><br \/>\n\/\/\u8bbe\u7f6e\u6bcf60s\u4ea7\u751f\u4e00\u6761DAI\u65e5\u5fd7\uff0c\u5426\u5219DAI\u4f1a\u6bcf\u53d1\u73b0\u4e00\u4e2a\u975e\u6cd5ARP\u5c31\u4ea7\u751f\u4e00\u6761\u65e5\u5fd7\uff0csyslog\u4fe1\u606f\u5c31\u592a\u591a\u4e86\uff0c\u8fd9\u6837\u7684\u8bddDAI\u4f1a\u81ea\u52a8\u5408\u5e76\u4e00\u6837\u7684\u65e5\u5fd7<br \/>\n<code>!<br \/>\nerrdisable recovery cause arp-inspection<\/code><br \/>\n\/\/\u6253\u5f00\u56e0arp-inspection\u5f15\u8d77err-disabled\u7684\u81ea\u52a8\u6062\u590d<br \/>\n<code>errdisable recovery interval 60<\/code> \/\/\u8bbe\u7f6e\u81ea\u52a8\u6062\u590d\u5ef6\u65f6\u4e3a60s<br \/>\n<code>!<br \/>\ninterface FastEthernet0\/1<\/code> \/\/\u8fd9\u4e2a\u662f\u63a5\u4e0b\u9762\u8ba1\u7b97\u673a\u7684\u7aef\u53e3<br \/>\n<code> switchport access vlan 7<br \/>\n switchport mode access<br \/>\n ip arp inspection limit rate 30<\/code><br \/>\n\/\/\u8bbe\u7f6e\u6bcf\u79d2\u6700\u591a\u63a5\u653630\u4e2aARP\u5305\uff0c\u8d85\u8fc7\u5219\u8fdb\u5165err-disabled\u72b6\u6001\uff08\u539f\u56e0\u4e3aarp-inspection\uff09\u3002\u9ed8\u8ba4\u4e3a15pps\uff0c\u5b9e\u9645\u4f7f\u7528\u53d1\u73b0\u6709\u70b9\u4f4e\u3002<br \/>\n<code> ip dhcp snooping limit rate 100 <\/code>\/\/\u540c\u4e0a\u7c7b\u4f3c<br \/>\n<code>!<br \/>\ninterface GigabitEthernet0\/1 <\/code>\/\/\u4e0a\u80546500\u6216\u7ea7\u8054\u7aef\u53e3\uff0c\u914d\u7f6e\u4e00\u6837<br \/>\n<code> switchport trunk encapsulation dot1q<br \/>\n switchport mode trunk<br \/>\n ip arp inspection trust<\/code> \/\/\u8bbe\u7f6eDAI\u4fe1\u4efb\uff0c\u4e0d\u68c0\u67e5ARP\u5305<br \/>\n<code> ip dhcp snooping trust <\/code>\/\/\u8bbe\u7f6eDHCP Snooping\u4fe1\u4efb\uff0c\u4e0d\u68c0\u67e5DHCP\u5305<br \/>\n<code>!<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u3000\u3000\u4f7f\u7528DHCP Snooping\u9632\u6b62\u79c1\u8bbeDHCP Server\u5e76\u83b7\u5f97MAC-IP-\u7aef\u53e3\u7ed1\u5b9a\u8868\uff0c\u4f7f\u7528DAI\u5bf9\u6240 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[13],"tags":[208,26,27],"class_list":["post-194","post","type-post","status-publish","format-standard","hentry","category-cisco","tag-cisco","tag-dai","tag-dhcp"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paOwEq-38","_links":{"self":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/posts\/194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/comments?post=194"}],"version-history":[{"count":0,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/posts\/194\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/media?parent=194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/categories?post=194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yaoge123.com\/blog\/wp-json\/wp\/v2\/tags?post=194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}