dhcp中继
1、路由器R1配置为dhcp server
2、R1内部接口配置为dhcp select global
3、路由器R2的内部接口配置为
dhcp select relay
dhcp relay server-ip R1的内部接口ip地址
实例:
R1:
ip pool vlan10-dhcp//dhcp配置
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
excluded-ip-address 192.168.1.2 192.168.1.50
lease day 10 hour 0 minute 0
dns-list 9.9.9.9
interface GigabitEthernet0/0/1//对内接口
ip address 10.1.1.2 255.255.255.0
dhcp select global
R2:
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.1.1.2
端口安全(分三步)
第一步:需要隔离的接口划分隔离组
interface GigabitEthernet0/0/1//接口模式
mac-address learning disable action discard
port link-type access
port default vlan 10
port-security enable
port-isolate enable group 10
第二步:mac地址有接口和vlan绑定
//系统视图下
mac-address static 5489-985f-03c2 GigabitEthernet0/0/2 vlan 10
mac-address static 5489-98b8-52c8 GigabitEthernet0/0/1 vlan 10
第三步:不学习不符合要求(对比第二步)
interface GigabitEthernet0/0/1//接口视图
mac-address learning disable action discard
port link-type access
port default vlan 10
port-security enable
port-isolate enable group 10
第四步:打开端口安全
interface GigabitEthernet0/0/2
mac-address learning disable action discard
port link-type access
port default vlan 10
port-security enable
port-isolate enable group 10
