Telegram - . ? 😎

3

, DHCP Snooping DAI (Dynamic Arp Inspection). .

 DHCP Snooping  Dynamic Arp Inspection  Cisco

DHCP Snooping DAI

DHCP . , DHCP . UpLink .

Dynamic Arp inspection. , Man-in-The-Middle. , , , , IP , , . , .


DHCP Snooping DAI

DHCP Snooping . , . DHCP Snooping DAI :

AccSwitch#conf t
AccSwitch(config)#
AccSwitch(config)#int ra gi1/0/1-46
AccSwitch(config-if-range)#ip dhcp snooping limit rate 15
AccSwitch(config-if-range)#ip arp inspection limit rate 100

, . IP . :

AccSwitch(config)#int ra gi1/0/47-48
AccSwitch(config-if-range)#ip dhcp snooping trust
AccSwitch(config-if-range)#ip arp inspection trust

DHCP Snooping, ARP Inspection:

AccSwitch(config)#ip dhcp snooping
AccSwitch(config)#ip dhcp snooping vlan 200
AccSwitch(config)#no ip dhcp snooping information option

82, DHCP , DHCP DHCP . 82 (, MAC ) , , , IP DHCP .

DAI. IP , - , , . ARP . , access-list- DAI. , . .

AccSwitch(config)#
AccSwitch(config)# arp access-list DAI
AccSwitch(config-arp-nacl)# permit ip host 192.168.200.25 mac host 0017.6111.a309

IP IP. Sorce Guard. , :

AccSwitch(config)#ip source binding 0017.6111.a309 vlan 200 192.168.200.14 interface Gi1/0/5

ip verify source, .

! , , - DHCP Snooping . DAI , . arp inspection:

AccSwitch(config)#ip arp inspection vlan 200

?


: