根據拓撲配置，要求PC1和PC2分别在不同的vlan中獲取AR1這台DHCP分配的ip地址，并且在LSW1上開啟dhcpsnpooping功能防止非法dhcp服務器接入網絡和非法用戶對于AR1的dhcp泛紅攻擊，在LSW1上開啟中繼代理功能為PC1和P2代理dhcp服務器的ip地址。

具體配置如下：

一、将AR1配置成dhcp服務器

<Huawei>system-view

[Huawei]sysname AR1

[AR1]dhcp enable

[AR1]ip pool pool1

[AR1-ip-pool-pool1]network192.168.10.0 mask 24

[AR1-ip-pool-pool1]gateway-list192.168.10.1

[AR1-ip-pool-pool1]dns-list114.114.114.114

[AR1-ip-pool-pool1]excluded-ip-address192.168.10.2

[AR1-ip-pool-pool1]quit

[AR1]ip pool pool2

[AR1-ip-pool-pool2]network192.168.20.0 mask 24

[AR1-ip-pool-pool2]gateway-list192.168.20.1

[AR1-ip-pool-pool2]dns-list114.114.114.114

[AR1-ip-pool-pool2]excluded-ip-address192.168.20.2

[AR1-ip-pool-pool2]quit

[AR1]interface g0/0/0

[AR1-GigabitEthernet0/0/0]ipaddress 12.1.1.2 24

[AR1-GigabitEthernet0/0/0]dhcpselect global

[AR1-GigabitEthernet0/0/0]quit

[AR1]ip route-static 0.0.0.00.0.0.0 12.1.1.1

二、配置LSW1成為dhcp中繼代理為vlan10和vlan20中的客戶端提供對應的dhcp中繼代理服務，并配置dhcp-snooping功能防止非法的dhcp服務器分配ip地址給客戶端。

<Huawei>system-view

[Huawei]sysnameLSW1

[LSW1]dhcp enable

[LSW1]interfaceVlanif 1

[LSW1-Vlanif1]ip address 12.1.1.1 24

[LSW1-Vlanif1]quit

[LSW1]vlan batch 10 20

[LSW1]intvlan 10

[LSW1-Vlanif10]ip address 192.168.10.1 24

[LSW1-Vlanif10]dhcp select relay

[LSW1-Vlanif10]dhcp relay server-ip 12.1.1.2

[LSW1-Vlanif10]quit

[LSW1]intvlan20

[LSW1-Vlanif20]ip address 192.168.20.1 24

[LSW1-Vlanif20]dhcp select relay

[LSW1-Vlanif20]dhcp relay server-ip 12.1.1.2

[LSW1-Vlanif20]quit

[LSW1]dhcp snooping enable

[LSW1]int g0/0/2

[LSW1-GigabitEthernet0/0/2]portlink-type access

[LSW1-GigabitEthernet0/0/2]portdefault vlan 10

[LSW1-GigabitEthernet0/0/2]dhcpsnooping enable

[LSW1-GigabitEthernet0/0/2]quit

[LSW1]int g0/0/3

[LSW1-GigabitEthernet0/0/3]portlink-type access

[LSW1-GigabitEthernet0/0/3]portdefault vlan20

[LSW1-GigabitEthernet0/0/3]dhcpsnooping enable

[LSW1-GigabitEthernet0/0/3]quit

[LSW1]ip route-static 0.0.0.00.0.0.0 12.1.1.2

三、完成配置後，可以再客戶端pc1和pc2上使用ipconfig/renew來獲取ip地址。

更多精彩资讯请关注tft每日頭條，我们将持续为您更新最新资讯!