1、Dynamic ARP Inspection解析
结合DHCP Snooping,当配置了Dynamic ARP Inspection的交换机untrusted接口收到ARP信息后,交换机首先检查dhcp snooping binding,如果发现与绑定条目不一致,就丢弃收到的数据包。
2、实验拓扑
3、基础配置
IOU3配置
no ip routing
ip dhcp pool pool3
network 3.3.3.0 255.255.255.0
interface Ethernet0/0
ip address 3.3.3.3 255.255.255.0
IOU4配置
ip dhcp pool pool4
network 4.4.4.0 255.255.255.0
ip address 4.4.4.4 255.255.255.0
IOU5配置
ip address dhcp
4、DHCP Snooping配置
IOU1配置
ip dhcp snooping vlan 1
ip dhcp snooping
interface Ethernet0/1
ip dhcp snooping trust
interface Ethernet0/2
IOU2配置
ip dhcp relay information trust-all
5、Dynamic ARP Inspection配置
ip arp inspection vlan 1
ip arp inspection trust
![eNSP三层交换机配置-01[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)