DHCP Snooping 設定教學
Zyxel小編 Eva
文章數: 46 Zyxel Employee
情境說明
透過 DHCP Snooping 管制非法 DHCP Server使用者不慎將非法DHCP Server接在Port 5,Client A因為非法的DHCP Server,拿到錯誤的IP無法上網。
設定步驟
1. 啟用DHCP Snooping VLAN前往 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure
2. 設定DHCP Snooping Port
前往 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > Port
3. 設定DHCP Snooping VLAN
3. 設定DHCP Snooping VLAN
前往 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN
4. 查看DHCP Snooping Table
4. 查看DHCP Snooping Table
前往 Advanced Application > IP Source Guard > IPv4 Source Guard Setup
可查詢到Client連接的Port、取得的IP、MAC Address等資訊。
5. 驗證
Trusted Port: Port 9接合法的DHCP Server(允許分配IP給裝置)
5. 驗證
Trusted Port: Port 9接合法的DHCP Server(允許分配IP給裝置)
Untrusted Port: Port 1、5連接接電腦和非法的DHCP Server
DHCP Snooping 阻擋Untrusted Port分配IP,達到防止使用者取得錯誤IP的機會
0