cisco dhcp 配置

Configuring DHCPThis chapter describes how to configure Dynamic Host Configuration Protocol(DHCP).For a completedescription of the DHCP commands listed in this chapter, refer to the “DHCP Commands” chapter ofthe Cisco IOS IP and IP Routing Command Reference publication. To locate documentation of othercommands that appear in this chapter, use the command reference master index or search online.As explained in RFC2131,Dynamic Host Configuration Protocol, DHCP provides configurationparameters to Internet hosts.DHCP consists of two components:a protocol for delivering host-specificconfiguration parameters from a DHCP server to a host and a mechanism for allocating networkaddresses to hosts.DHCP is built on a client/server model,where designated DHCP server hosts allocatenetwork addresses and deliver configuration parameters to dynamically configured hosts.DHCP supports three mechanisms for IP address allocation:•Automatic allocation—DHCP assigns a permanent IP address to a client.•Dynamic allocation—DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address).•Manual allocation—The network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client.The format of DHCP messages is based on the format of Bootstrap Protocol(BOOTP)messages,whichensures support for BOOTP relay agent functionality and interoperability between BOOTP clients andDHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on each physicalnetwork segment. BOOTP is explained in RFC951,Bootstrap Protocol (BOOTP), and RFC1542,Clarifications and Extensions for the Bootstrap Protocol.DHCP Server OverviewThe Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages IPaddresses from specified address pools within the router to DHCP clients.If the Cisco IOS DHCP servercannot satisfy a DHCP request from its own database, it can forward the request to one or moresecondary DHCP servers defined by the network administrator.Figure14 shows the basic steps that occur when a DHCP client requests an IP address from a DHCPserver. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCPserver.A DHCP server offers configuration parameters(such as an IP address,a MAC address,a domainname, and a lease for the IP address) to the client in a DHCPOFFER unicast message.Configuring DHCPDHCP Server Overview Figure 14DHCP Request for an IP Address from a DHCP Server Note A DHCP client may receive offers from multiple DHCP servers and can accept any one ofthe offers; however, the client usually accepts the first offer it receives. Additionally, theoffer from the DHCP server is not a guarantee that the IP address will be allocated to theclient;however,the server usually reserves the address until the client has had a chance toformally request the address.The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUESTbroadcast message. The DHCP server confirms that the IP address has been allocated to the client byreturning a DHCPACK unicast message to the client.Note The formal request for the offered IP address (the DHCPREQUEST message) that is sentby the client is broadcast so that all other DHCP servers that received theDHCPDISCOVER broadcast message from the client can reclaim the IP addresses that theyoffered to the client.If the configuration parameters sent to the client in the DHCPOFFER unicast message bythe DHCP server are invalid (a misconfiguration error exists), the client returns aDHCPDECLINE broadcast message to the DHCP server.The DHCP server will send to the client a DHCPNAK denial broadcast message, whichmeans the offered configuration parameters have not been assigned,if an error has occurredduring the negotiation of the parameters or the client has been slow in responding to theDHCPOFFER message (the DHCP server assigned the parameters to another client)of theDHCP server.The Cisco IOS DHCP server feature offers the following benefits:•Reduced Internet access costsUsing automatic IP address assignment at each remote site substantially reduces Internet accesscosts. Static IP addresses are considerably more expensive to purchase than are automaticallyallocated IP addresses.•Reduced client configuration tasks and cost sBecause DHCP is easy to configure, it minimizes operational overhead and costs associated withdevice configuration tasks and eases deployment by nontechnical users.•Centralized managementBecause the DHCP server maintains configurations for several subnets,an administrator only needsto update a single, central server when configuration parameters change.Host A DHCP ACK (unicast)DHCPREQUEST (broadcast)DHCPOFFER (unicast)DHCPDISCOVER (broadcast)Cisco IOS DHCP server 32369Configuring DHCPDHCP Configuration Task ListBefore you configure the Cisco IOS DHCP server feature, complete the following tasks:•Identify an external File Transport Protocol(FTP),Trivial File Transfer Protocol(TFTP),or remote copy protocol (rcp) server that you will use to store the DHCP bindings database.•Identify the IP addresses that you will enable the DHCP server to assign,and the IP addresses that you will exclude.•Identify DHCP options for devices where necessary, including:–Default boot image name–Default router(s)–Domain Name System (DNS) server(s)–NetBIOS name server•Decide on a NetBIOS node type (b, p, m, or h).•Decide on a DNS domain name.DHCP Configuration Task ListThe DHCP server database is organized as a tree. The root of the tree is the address pool for naturalnetworks, branches are subnetwork address pools, and leaves are manual bindings to clients.Subnetworks inherit network parameters and clients inherit subnetwork parameters.Therefore,commonparameters,for example the domain name,should be configured at the highest(network or subnetwork)level of the tree.Note Inherited parameters can be overridden.For example,if a parameter is defined in both thenatural network and a subnetwork, the definition of the subnetwork is used.Address leases are not inherited.If a lease is not specified for an IP address,by default,theDHCP server assigns a one-day lease for the address.To configure the Cisco IOS DHCP server feature, first configure a database agent or disable conflictlogging, then configure IP addresses that the DHCP server should not assign (excluded addresses) andshould assign (a pool of available IP addresses) to requesting clients. These configuration tasks areexplained in the following sections. Each task in the following list is identified as required or optional.•Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging (Required)•Excluding IP Addresses (Required)•Configuring a DHCP Address Pool (Required)•Configuring Manual Bindings (Optional)•Configuring a DHCP Server Boot File (Optional)•Configuring the Number of Ping Packets (Optional)•Configuring the Timeout Value for Ping Packets (Optional)•Enabling the Cisco IOS DHCP Server and Relay Agent Features (Optional)Configuring DHCPDHCP Configuration Task List Configuring a DHCP Database Agent or Disabling DHCP Conflict LoggingA DHCP database agent is any host, for example, an FTP, TFTP, or RCP server that stores the DHCPbindings database.You can configure multiple DHCP database agents and you can configure the intervalbetween database updates and transfers for each agent.To configure a database agent and database agentparameters, use the following command in global configuration mode:If you choose not to configure a DHCP database agent,disable the recording of DHCP address conflictson the DHCP server. To disable DHCP address conflict logging, use the following command in globalconfiguration mode:Excluding IP AddressesThe DHCP server assumes that all IP addresses in a DHCP address pool subnet are available forassigning to DHCP clients. You must specify the IP address that the DHCP server should not assign toclients. To do so, use the following command in global configuration mode:Configuring a DHCP Address PoolYou can configure a DHCP address pool with a name that is a symbolic string (such as “engineering”)or an integer (such as 0).Configuring a DHCP address pool also places you in DHCP pool configurationmode—identified by the (config-dhcp)# prompt—from which you can configure pool parameters (forexample,the IP subnet number and default router list).To configure a DHCP address pool,complete therequired tasks in the following sections.Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration ModeTo configure the DHCP address pool name and enter DHCP pool configuration mode,use the followingcommand in global configuration mode:CommandPurpose Router(config)#ip dhcp database url[timeout seconds | write-delay seconds ]Configures the database agent and the interval between database updates and database transfers.CommandPurpose Router(config)#no ip dhcp conflict logging Disables DHCP address conflict logging.CommandPurpose Router(config)#ip dhcp excluded-addresslow-address [high-address ]Specifies the IP addresses that the DHCP server should not assign to DHCP clients.CommandPurpose Router(config)# ip dhcp pool name Creates a name for the DHCP server address pool and places you in DHCPpool configuration mode (identified by the config-dhcp# prompt).Configuring DHCPDHCP Configuration Task List Configuring the DHCP Address Pool Subnet and MaskTo configure a subnet and mask for the newly created DHCP address pool,which contains the range of available IP addresses that the DHCP server may assign to clients,use the following command in DHCP pool configuration mode:Note You can not configure manual bindings within the same pool that is configured with thenetwork command.To configure manual bindings,see the “Configuring Manual Bindings”section.Configuring the Domain Name for the ClientThe domain name for a DHCP client places the client in the general grouping of networks that make up the domain.To configure a domain name string for the client,use the following command in DHCP pool configuration mode:Configuring the Domain Name System IP Servers for the ClientDHCP clients query DNS IP servers when they need to correlate host names to IP addresses. Toconfigure the DNS IP servers that are available to a DHCP client,use the following command in DHCP pool configuration mode:Configuring the NetBIOS Windows Internet Naming Service IP Servers for the ClientWindows Internet Naming Service (WINS)is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks.To configure the NetBIOS WINS servers that are available to a Microsoft DHCP client,use the following command in DHCP pool configuration mode:CommandPurpose Router(config-dhcp)#network network-number[mask |/prefix-length ]Specifies the subnet network number and mask of the DHCP address pool.The prefix length specifies the number of bits that comprise theaddress prefix. The prefix is an alternative way of specifying thenetwork mask of the client.The prefix length must be preceded bya forward slash (/).CommandPurpose Router(config-dhcp)#domain-name domain Specifies the domain name for the client.CommandPurpose Router(config-dhcp)#dns-server address[address2...address8]Specifies the IP address of a DNS server that is available to a DHCP client.One IP address is required; however, you can specify up to eight IPaddresses in one command line.Configuring DHCPDHCP Configuration Task List Configuring the NetBIOS Node Type for the ClientThe NetBIOS node type for Microsoft DHCP clients can be one of four settings:broadcast,peer-to-peer,mixed, or hybrid. To configure the NetBIOS node type for a Microsoft DHCP, use the followingcommand in DHCP pool configuration mode:Configuring the Default Router for the ClientAfter a DHCP client has booted, the client begins sending packets to its default router. The IP address of the default router should be on the same subnet as the client.To configure a default router for a DHCP client, use the following command in DHCP pool configuration mode:Configuring the Address Lease TimeBy default,each IP address assigned by a DHCP server comes with a one-day lease,which is the amount of time that the address is valid.To change the lease value for an IP address,use the following command in DHCP pool configuration mode:Configuring Manual BindingsAn address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by aDHCP server.Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database.Manual bindings are stored in NVRAM on the DHCP server.Manual bindings are just special address pools.There is no limit on the number of manual bindings but you can only configure one manual binding per host pool.CommandPurpose Router(config-dhcp)#netbios-name-serveraddress [address2...address8]Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up toeight addresses in one command line.CommandPurpose Router(config-dhcp)#netbios-node-type type Specifies the NetBIOS node type for a Microsoft DHCP mandPurpose Router(config-dhcp)#default-routeraddress [address2... address8]Specifies the IP address of the default router for a DHCP client. One IP address is required,although you can specify up to eight addresses in onecommand line.CommandPurpose Router(config-dhcp)# lease {days[hours ][minutes ]| infinite }Specifies the duration of the lease. The default is a one-day lease.Configuring DHCPDHCP Configuration Task List Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hoststhat are found in the DHCP database.Automatic bindings are stored on a remote host called a databaseagent. The bindings are saved as text records for easy maintenance.To configure a manual binding, first create a host pool, then specify the IP address of the client andhardware address or client identifier. The hardware address is the MAC address. The client identifier,which is required for Microsoft clients(instead of hardware addresses),is formed by concatenating themedia type and the MAC address of the client. Refer to the “Address Resolution Protocol Parameters”section of RFC1700,Assigned Numbers, for a list of media type codes.To configure manual bindings, use the following commands beginning in global configuration mode:Command PurposeStep1Router(config)# ip dhcp pool name Creates a name for the a DHCP server address pool and places youin DHCP pool configuration mode—identified by the(config-dhcp)# prompt.Step2Router(config-dhcp)#host address [mask| /prefix-length]Specifies the IP address and subnet mask of the client.The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client.The prefix length must be preceded by a forward slash(/).Step3Router(config-dhcp)# hardware-address hardware-address typeorRouter(config-dhcp)#client-identifierunique-identifier Specifies a hardware address for the client.The type value:•Indicates the protocol of the hardware platform. Strings and values are acceptable. The string options are:–ethernet–ieee802•The value options are:– 1 10Mb Ethernet– 6 IEEE 802If no type is specified, the default protocol is Ethernet.orSpecifies the distinct identification of the client in dotted hexadecimal notation, for example, 01b7.0813.8811.66, where 01 represents the Ethernet media type.Step4Router(config-dhcp)# client-name name(Optional) Specifies the name of the client using any standardASCII character. The client name should not include the domainname. For example, the name mars should not be specified as.Configuring DHCP DHCP Configuration Task ListConfiguring a DHCP Server Boot FileThe boot file is used to store the boot image for the client. The boot image is generally the operatingsystem the client uses to load.To specify a boot file for the DHCP client,use the following command inDHCP pool configuration mode:Command PurposeRouter(config-dhcp)# bootfile filename Specifies the name of the file that is used as a boot image. Configuring the Number of Ping PacketsBy default, the DHCP server pings a pool address twice before assigning the address to a requestingclient.If the ping is unanswered,the DHCP server assumes(with a high probability)that the address isnot in use and assigns the address to the requesting client. To change the number of ping packets theDHCP server should send to the pool address before assigning the address,use the following commandin global configuration mode:Command PurposeRouter(config)#ip dhcp ping packets number Specifies the number of ping packets the DHCP server sends to a pooladdress before assigning the address to a requesting client.The defaultis two packets.Configuring the Timeout Value for Ping PacketsBy default, the DHCP server waits 500milliseconds before timing out a ping packet. To change theamount of time the server waits, use the following command in global configuration mode:Command PurposeRouter(config)# ip dhcp ping timeout milliseconds Specifies the amount of time the DHCP server must wait beforetiming out a ping packet. The default 500 milliseconds. Enabling the Cisco IOS DHCP Server and Relay Agent FeaturesBy default,the Cisco IOS DHCP server and relay agent features are enabled on your router.To reenablethese features if they are disabled, use the following command in global configuration mode:Command PurposeRouter(config)#service dhcp Enables the Cisco IOS DHCP server and relay features on your router.Use the no form of this command to disable the Cisco IOS DHCP server and relayfeatures.Configuring DHCPMonitoring and Maintaining the DHCP ServerMonitoring and Maintaining the DHCP ServerTo clear DHCP server variables, use the following commands in privileged EXEC mode, as needed:Command PurposeRouter#clear ip dhcp binding address |*Deletes an automatic address binding from the DHCP database.Specifying address clears the automatic binding for a specific(client)IPaddress, whereas specifying asterisk (*) clears all automatic bindings. Router#clear ip dhcp conflict address |*Clears an address conflict from the DHCP database.Specifying addressclears the conflict for a specific IP address whereas specifying an asterisk(*) clears conflicts for all addresses.Router#clear ip dhcp server statistics Resets all DHCP server counters to 0.To enable DHCP server debugging, use the following command in privileged EXEC mode:Command PurposeRouter# debug ip dhcp server{events | packets | linkage}Enables debugging on the DHCP server.To display DHCP server information, use the following commands in EXEC mode, as needed:Command PurposeRouter> show ip dhcp binding[address]Displays a list of all bindings created on a specific DHCP server. Router> show ip dhcp conflict[address]Displays a list of all address conflicts recorded by a specific DHCP server. Router#show ip dhcp database[url]Displays recent activity on the DHCP database.Note Use this command in privileged EXEC mode.Router> show ip dhcp server statistics Displays count information about server statistics and messages sent andreceived.Configuration ExamplesThis section provides the following configuration examples:•DHCP Database Agent Configuration Example•DHCP Address Pool Configuration Example•Manual Bindings Configuration ExampleConfiguring DHCPConfiguration Examples DHCP Database Agent Configuration ExampleThe following example stores bindings on host 172.16.4.253. The file transfer protocol is FTP. Theserver should wait 2 minutes (120 seconds) before writing database changes.ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120DHCP Address Pool Configuration ExampleIn the following example, three DHCP address pools are created: one in network 172.16.0.0, one insubnetwork 172.16.1.0,and one in subnetwork 172.16.2.0.Attributes from network 172.16.0.0,such as the domain name, DNS server, NetBIOS name server, and NetBIOS node type, are inherited insubnetworks 172.16.1.0and 172.16.2.0.In each pool,clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning toclients. Table 5 lists the IP addresses for the devices in three DHCP address pools.ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120ip dhcp excluded-address 172.16.1.100 172.16.1.103ip dhcp excluded-address 172.16.2.100 172.16.2.103!ip dhcp pool 0network 172.16.0.0 /16domain-name dns-server 172.16.1.102 172.16.2.102netbios-name-server 172.16.1.103 172.16.2.103netbios-node-type h-node!ip dhcp pool 1network 172.16.1.0 /24default-router 172.16.1.100 172.16.1.101lease 30!ip dhcp pool 2network 172.16.2.0 /24default-router 172.16.2.100 172.16.2.101lease 30T able 5DHCP Address Pool DevicesPool 0 (Network 172.16.0.0)Pool 1 (Subnetwork 172.16.1.0)Pool 2 (Subnetwork 172.16.2.0)DeviceIP Address Device IP Address Device IP Address Default routers–Default routers 172.16.1.100172.16.1.101Default routers 172.16.2.100172.16.2.101DNS server 172.16.1.102—172.16.2.102————NetBIOS name server 172.16.1.103—172.16.2.103————NetBIOS node type h-node ————Configuring DHCPConfiguration ExamplesManual Bindings Configuration ExampleThe following example creates a manual binding for a client named .The MAC addressof the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254.ip dhcp pool Marshost 172.16.2.254hardware-address 02c7.f800.0422 ieee802client-name MarsBecause attributes are inherited, the previous configuration is equivalent to the following:ip dhcp pool Marshost 172.16.2.254 mask 255.255.255.0hardware-address 02c7.f800.0422 ieee802client-name Marsdefault-router 172.16.2.100 172.16.2.101domain-name dns-server 172.16.1.102 172.16.2.102netbios-name-server 172.16.1.103 172.16.2.103netbios-node-type h-nodeCisco IOS IP and IP Routing Configuration GuideP1C-73Configuring DHCP Configuration ExamplesCisco IOS IP and IP Routing Configuration GuideP1C-74。

2600路由器我们标识为：Cisco进入全局模式Cisco(config)#ip dhcp pool server "server"为DHCP服务标识名，不属于命令Cisco(dhcp-config)#network 192.168.1.0 255.255.255.0Cisco(dhcp-config)#default-router 192.168.1.1Cisco(dhcp-config)#dns-server 202.96.209.5 202.96.209.133到此，基本的DHCP功能已经实现，但又有一个问题，当局域网内有一部分电脑已经手动配置过IP后，如果手动配置的电脑没有开机，其他电脑通过DHCP获取了相同的IP地址后，手动配置的电脑开机，那就会造成IP冲突。

不要紧，下面的步骤可以帮助我们解决问题。

回到全局模式Cisco(config)#ip dhcp pool client0 "client0"为另一DHCP服务标识名，使具体的IP可以映射固定的MACCisco(dhcp-config)#host 192.168.1.20 255.255.255.0Cisco(dhcp-config)#client-identifier 0100.d0b7.1af8.4f 注意“01”不为MAC地址，是用来标记MAC属于局域网的备注，添加的client0只能标识一个IP对应MAC的映射，如要标识多个IP映射MAC，需要增加多个DHCP服务标识名，如（client1,client2,client3.......）最后一个问题，局域网内一部分IP可能是用来分配给文件服务器等固定电脑的，就需要将这一部分IP预留，解决方法如下：Cisco(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10"1...10"标识从192.168.1.1到192.168.1.10之间的地址将不会被自动分配，这个地址段可以根据实际情况进行设定。

DHCP服务器&IP Helper Address实验讲义一.实验目的本实验的目的是让学员掌握在路由器上配置DHCP服务器的方法，并通过配置帮助地址将客户向DHCP服务器发出的广播转发成定点广播，以通过路由器到达服务器。

二.实验设备Cisco路由器两部（1600系列一部，1700系列一部），带超级终端的PC机两台。

三.实验拓朴四.实验步骤1．配置路由器端口的IP地址：1）Cisco1600的配置：Cisco1600#config tCisco1600 (config)#int e0Cisco1600 (config-if)#ip address 192.168.1.1 255.255.255.0Cisco1600 (config-if)#no shutCisco1600 (config-if)#int s0Cisco1600 (config-if)#ip address 192.168.3.1 255.255.255.0Cisco1600 (config-if)#clock rate 56000Cisco1600(config-if)#no shut2）Cisco1700的配置：Cisco1700#config tCisco1700 (config)#int e0Cisco1700 (config-if)#ip address 192.168.2.1 255.255.255.0Cisco1700 (config-if)#no shutCisco1700 (config-if)#int s0Cisco1700 (config-if)#ip address 192.168.3.2 255.255.255.0Cisco1700(config-if)#no shut2．使用RIP协议作为该网络的路由协议，实现网络的动态路由配置。

完成配置后使用show ip route,show interface,show running-configuration查看路由配置的正确性或者使用ping命令验证网络之间是否完全互连。

思科cisco路由器dhcp动态分配ip地址实现⽅法本⽂实例讲述了思科cisco路由器dhcp动态分配ip地址实现⽅法。

分享给⼤家供⼤家参考，具体如下：⼀、拓扑图Router1 F0/0 <----> Switch5 F0/0Router1 E1/0 <----> VPCS V0/5Switch5 F0/1 <----> Switch1 F0/0Switch5 F0/2 <----> Switch2 F0/0Switch5 F0/3 <----> Switch3 F0/0Switch5 F0/4 <----> Switch4 F0/0Switch1 F0/1 <----> VPCS V0/1Switch2 F0/1 <----> VPCS V0/2Switch3 F0/1 <----> VPCS V0/3⼆、dhcp服务器就是通过主机分配ip的⼀项服务。

路由是通过那个⼝来分配的。

接⼏个分配⼏个。

要使客户机能从⽤作DHCP Server的路由器中⾃动获得IP地址。

三、实验要求：1、vlan之间的通信通过三层交换机来实现2、路由器为4个vlan来分配ip地址3、pc1 - 4分别属于4个部门，能够⾃动得到ip地址4、pc1 - 5直接可以ping通四、实验思路：1、⾸先配置⼆层交换机上的vlan、trunk并把接⼝加⼊vlan2、三层交换中配置vlan、trunk并启⽤ip routing路由功能3、三层交换中配置vlan ip地址，三层交换机是带有三层路由功能的交换机，也就是这台交换机的端⼝既有三层路由功能，也具有⼆层交换功能。

三层交换机端⼝默认为⼆层⼝，如果需要启⽤三层功能就需要在此端⼝输⼊no switchport命令。

运⾏router rip协议（其他协议也⾏）查看路由表 show ip router4、配置路由器dhcp服务建⽴地址持ip dhcp pool apple（apple为地址池名称可以随便起）运⾏router rip协议5、保存设置：在全局配置模式下 Router#copy running-config startup-config //保存当前的配置或 Router#write 也⾏6、查看！五、实验过程：1、配置⼆层交换机valn trunk 并将接⼝加⼊vlansw1#vlan datasw1#vlan databasesw1(vlan)#vlan 10VLAN 10 added:Name: VLAN0010sw1(vlan)#exitAPPLY completed.Exiting....sw1#conf tEnter configuration commansw1(config)#interface f0/0sw1(config-if)#sw m tsw1(config-if)#interface f0/1sw1(config-if)#sw ac vlan 10sw1(config-if)#exitsw1(config)#exitsw1#show vlan-switchsw2 - 4相同配置2、配置三层交换（vlan、trunk、vlan ip）sw3-1#vlan dasw3-1(vlan)#vlan 10VLAN 10 added:Name: VLAN0010sw3-1(vlan)#vlan 20VLAN 20 added:Name: VLAN0020sw3-1(vlan)#vlan 30VLAN 30 added:Name: VLAN0030sw3-1(vlan)#vlan 40VLAN 40 added:Name: VLAN0040sw3-1(config)#ip routing 在三层交换中启动路由功能sw3-1(config)#interface vlan 10sw3-1(config-if)#ip ad 192.168.1.1 255.255.255.0 配置vlan ipsw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface vlan 20sw3-1(config-if)#ip ad 192.168.2.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface vlan 30sw3-1(config-if)#ip address 192.168.3.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#interface vlan 40sw3-1(config-if)#ip ad 192.168.4.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface rang f0/1 - 4 配置trunksw3-1(config-if-range)#sw m tsw3-1(config-if-range)#exitsw3-1(config)#interface f0/0sw3-1(config-if)#no switchport 启动三层接⼝sw3-1(config)#interface f0/0sw3-1(config-if)#ip address 10.0.0.1 255.0.0.0 配置接⼝ipsw3-1(config-if)#no shutsw3-1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.3 配置默认路由sw3-1(config)#router rip 启⽤rip协议sw3-1(config-router)#network 192.168.1.0sw3-1(config-router)#network 192.168.2.0sw3-1(config-router)#network 192.168.3.0sw3-1(config-router)#network 192.168.4.0sw3-1(config-router)#network 10.0.0.0查看路由表3、配置dhcp路由器dhcp(config)#interface f0/0dhcp(config-if)#ip addressdhcp(config-if)#ip address 10.0.0.3 255.0.0.0dhcp(config-if)#interface 192.168.237.1 255.255.255.0dhcp(config)#inte e1/0dhcp(config-if)#ip add 192.168.237.1 255.255.255.0dhcp(config-if)#no shutdhcp(config-if)#exitdhcp(config)#router ripdhcp(config-router)#network 10.0.0.0dhcp(config-router)#network 192.168.237.0show ip route 同上dhcp(config)#ip dhcp pool apple 建⽴地址池dhcp(dhcp-config)#network 192.168.0.0 255.255.0.04、在三层交换指定dhcp服务器即路由器的ip 地址。

CiscoDHCP配置⽅法⾸先假设两台思科路由器，R1(服务端)连接R2(客户端)，组成⼀个简单的链式局域⽹，下⾯就来实现DHCP，配置的命令及其解释如下：1、R1 dhcp服务的配置dhcp#configure terminal //进⼊全局模式dhcp(config)#service dhcp //打开dhcp功能dhcp(config)#no ip dhcp conflictlogging //关闭dhcp⽇志记录dhcp(config)#ip dhcp pool cisco //配置dhcp服务器的名称为ciscodhcp(dhcp-config)#network 192.168.1.0 255.255.255.0 //配置dhcp服务器要分配的⽹段dhcp(dhcp-config)#default-router 192.168.1.1 //配置默认⽹关为192.168.1.1dhcp(dhcp-config)#dns-server 192.168.1.1 //配置dns服务器为192.168.1.1dhcp(dhcp-config)#lease 3 //地址租⽤期限: 3天dhcp(dhcp-config)#exit //退出dhcp配置模式dhcp(config)#ip dhcp excluded-address 192.168.1.200 192.168.1.254 //配置dhcp不分配的地址2、R2客户端获取IP地址Client#configureterminal //进⼊全局模式dhcp(config)#interfacefastethernet0/0 //进⼊fastethernet0/0接⼝dhcp(config-if)#ip address dhcp //从dhcp服务器获取IP地址实例Cisco设备上设置DHCP实例⼀位客户想把DHCP SERVER迁移到6509交换机的MSFC上,要求还挺复杂:1.同时为多个VLAN的客户机分配地址2.VLAN内有部分地址采⽤⼿⼯分配的⽅式3.为客户指定⽹关、Wins服务器等4.VLAN 2的地址租⽤有效期限为1天,其它为3天5.按MAC地址为特定⽤户分配指定的IP地址最终配置如下：ip dhcp excluded-address 10.1.1.1 10.1.1.19 //不⽤于动态地址分配的地址ip dhcp excluded-address 10.1.1.240 10.1.1.254ip dhcp excluded-address 10.1.2.1 10.1.2.19!ip dhcp pool global //global是pool name，由⽤户指定network 10.1.0.0 255.255.0.0 //动态分配的地址段domain-name //为客户机配置域后缀dns-server 10.1.1.1 10.1.1.2 //为客户机配置dns服务器netbios-name-server 10.1.1.5 10.1.1.6 //为客户机配置wins服务器netbios-node-type h-node //为客户机配置节点模式（影响名称解释的顺利,如h-node=先通过wins服务器解释...）lease 3 //地址租⽤期限: 3天ip dhcp pool vlan1network 10.1.1.0 255.255.255.0 //本pool是global的⼦pool, 将从global pool继承domain-name等optiondefault-router 10.1.1.100 10.1.1.101 //为客户机配置默认⽹关!ip dhcp pool vlan2 //为另⼀VLAN配置的poolnetwork 10.1.2.0 255.255.255.0default-router 10.1.2.100 10.1.2.101lease 1!ip dhcp pool vlan1_john //总是为MAC地址为...的机器分配...地址host 10.1.1.21 255.255.255.0client-identifier 010050.bade.6384 //client-identifier=01加上客户机⽹卡地址!ip dhcp pool vlan1_tomhost 10.1.1.50 255.255.255.0client-identifier 010010.3ab1.eac8相关的DHCP调试命令：no service dhcp //停⽌DHCP服务[默认为启⽤DHCP服务]sh ip dhcp binding //显⽰地址分配情况show ip dhcp conflict //显⽰地址冲突情况clear ip dhcp binding 192.168.1.2 //清理已经分配的IPdebug ip dhcp server {events | packets | linkage} //观察DHCP服务器⼯作情况如果DHCP客户机分配不到IP地址，常见的原因有两个。

目录第1章DHCP配置命令 ............................................................. 1-11.1 DHCP服务器配置命令 ..................................................................... 1-11.1.1 bootfile...................................................................................................... 1-11.1.2 clear ip dhcp binding .............................................................................. 1-11.1.3 clear ip dhcp conflict .............................................................................. 1-21.1.4 clear ip dhcp server statistics ............................................................... 1-21.1.5 client-identifier ........................................................................................ 1-31.1.6 client-name .............................................................................................. 1-31.1.7 debug ip dhcp server .............................................................................. 1-31.1.8 default-router ........................................................................................... 1-41.1.9 dns-server ................................................................................................ 1-41.1.10 domain-name ......................................................................................... 1-41.1.11 hardware-address ................................................................................. 1-51.1.12 host ......................................................................................................... 1-51.1.13 ip dhcp conflict logging ....................................................................... 1-61.1.14 ip dhcp excluded-address .................................................................... 1-71.1.15 ip dhcp pool ........................................................................................... 1-71.1.16 ip dhcp conflict ping-detection enable ............................................... 1-71.1.17 ip dhcp ping packets ............................................................................ 1-81.1.18 ip dhcp ping timeout ............................................................................. 1-81.1.19 lease ....................................................................................................... 1-91.1.20 netbios-name-server ............................................................................. 1-91.1.21 netbios-node-type ...............................................................................1-101.1.22 network-address .................................................................................1-101.1.23 next-server ........................................................................................... 1-111.1.24 option ................................................................................................... 1-111.1.25 service dhcp ........................................................................................1-121.1.26 show ip dhcp binding .........................................................................1-121.1.27 show ip dhcp conflict .........................................................................1-131.1.28 show ip dhcp server statistics ...........................................................1-13第2章DHCP snooping 配置命令 ........................................... 2-12.1 debug ip dhcp snooping packet interface .................................... 2-12.2 debug ip dhcp snooping packet .................................................... 2-12.3 debug ip dhcp snooping update ................................................... 2-12.4 debug ip dhcp snooping event ...................................................... 2-22.5 debug ip dhcp snooping binding .................................................. 2-22.6 ip dhcp snooping ............................................................................ 2-22.7 ip dhcp snooping binding .............................................................. 2-32.8 ip dhcp snooping binding user ..................................................... 2-32.9 ip dhcp snooping binding arp ....................................................... 2-42.10 ip dhcp snooping binding dot1x ................................................. 2-42.11 ip dhcp snooping binding user-control ...................................... 2-52.12 ip dhcp snooping binding user-control max-user ..................... 2-52.13 ip dhcp snooping trust ................................................................. 2-62.14 ip dhcp snooping action .............................................................. 2-72.15 ip dhcp snooping action MaxNum .............................................. 2-72.16 ip dhcp snooping limit-rate .......................................................... 2-82.17 ip dhcp snooping information enable ......................................... 2-82.18 ip dhcp snooping option82 enable .............................................. 2-92.19 enable trustview key ................................................................... 2-102.20 ip user private packet version two ............................................ 2-10 2.21 ip user helper-address ............................................................... 2-11 2.22 show trustview status ................................................................ 2-12 2.23 show ip dhcp snooping .............................................................. 2-12第1章DHCP配置命令1.1 DHCP服务器配置命令1.1.1 bootfile命令：bootfile <filename>no bootfile功能：配置DHCP客户机启动时的导入文件名；本命令的no操作删除配置的导入文件。

CISCO的路由器（IOS12.0 T1以后），可以配置为dhcp的中继设备，DHCP的客户端设备，也可以配置为DHCP的服务器。

Cisco设备上设置DHCP实例一位客户想把DHCP SERVER迁移到6509交换机的MSFC上,要求还挺复杂:1.同时为多个VLAN的客户机分配地址2.VLAN内有部分地址采用手工分配的方式3.为客户指定网关、Wins服务器等4.VLAN 2的地址租用有效期限为1天,其它为3天5.按MAC地址为特定用户分配指定的IP地址最终配置如下：ip dhcp excluded-address 10.1.1.1 10.1.1.19 //不用于动态地址分配的地址ip dhcp excluded-address 10.1.1.240 10.1.1.254ip dhcp excluded-address 10.1.2.1 10.1.2.19!ip dhcp pool global //global是pool name，由用户指定network 10.1.0.0 255.255.0.0 //动态分配的地址段domain-name //为客户机配置域后缀dns-server 10.1.1.1 10.1.1.2 //为客户机配置dns服务器netbios-name-server 10.1.1.5 10.1.1.6 //为客户机配置wins服务器netbios-node-type h-node //为客户机配置节点模式（影响名称解释的顺利,如h-node=先通过wins服务器解释...）lease 3 //地址租用期限: 3天ip dhcp pool vlan1network 10.1.1.0 255.255.255.0 //本pool是global的子pool, 将从global pool继承domain-name等option default-router 10.1.1.100 10.1.1.101 //为客户机配置默认网关!ip dhcp pool vlan2 //为另一VLAN配置的poolnetwork 10.1.2.0 255.255.255.0default-router 10.1.2.100 10.1.2.101lease 1!ip dhcp pool vlan1_john //总是为MAC地址为...的机器分配...地址host 10.1.1.21 255.255.255.0client-identifier 010050.bade.6384 //client-identifier=01加上客户机网卡地址!ip dhcp pool vlan1_tomhost 10.1.1.50 255.255.255.0client-identifier 010010.3ab1.eac8相关的DHCP调试命令：no service dhcp //停止DHCP服务[默认为启用DHCP服务]sh ip dhcp binding //显示地址分配情况show ip dhcp conflict //显示地址冲突情况debug ip dhcp server {events | packets | linkage} //观察DHCP服务器工作情况如果DHCP客户机分配不到IP地址，常见的原因有两个。

cisco dhcp设置cisco dhcp怎么设置?相信学过思科技术的童鞋们都不会陌生，但是相对于新手来说可能就有一点点困难了。

店铺整理了相关资料，供您参考!使用cisco的2621路由器作为DHCP服务器，给下面链接的PC 机分配IP地址，默认DHCP服务时开启的，W是使用PT模拟器来做的，可能和cisco的标准配置的命令有点不同：DHCP实验拓扑：IP地址规划：R0---F0/0=192.168.1.1/24 作为下连PC机的网关192.168.1.0/24 是作为PC的分配网络地址池R0(config)#int f0/0 配置接口的IP地址R0(config-if)#ip add 192.168.1.1 255.255.255.0R0(config-if)#no shut 激活接口R0(config)#ip dhcp pool ccie 配置DHCP的地址池名字：CCIE R0(dhcp-config)#network 192.168.1.0 255.255.255.0 地址池的网络R0(dhcp-config)#default-router 192.168.1.1 分配IP地址的网关R0(dhcp-config)#dns-server 192.168.1.100 分配IP地址DNS R0(dhcp-config)#exit 退出在PC机上面使用自动获得IP地址就可以了!DHCP 命令汇总命令作用show ip dhcp pool 查看DHCP 地址池的信息show ip dhcp binding 查看DHCP 的地址绑定情况show ip dhcp database 查看DHCP 数据库show ip interface 查看接口信息debug ip dhcp server events 动态查看DHCP 服务器的事件service dhcp 开启DHCP 服务no ip dhcp conflict logging 关闭DHCP 冲突日志ip dhcp pool 配置DHCP 分配的地址池network DHCP 服务器要分配的网络和掩码default-router 默认网关domain-name 域名netbios-name-server WINS 服务器dns-server 域名服务器option 150 ip FTP 服务器lease 配置租期ip dhcp excluded-address 排除地址段ip helper-address 配置DHCP 中继的地址好了，以上就是小编为大家带来的cisco dhcp设置方法介绍，希望可以帮到大家哦!。

网络拓扑图如下：根据图示连接设备。

在本次试验中，具体端口情况如上图数字标出。

核心交换机（core ）设置为s1或者SW1，汇聚层交换机（access）设置为s2或者SW2。

IP 地址分配：Router：e0： 192.168.1.1Core：f0/1: 192.168.1.2Svi接口：Core vlan10: 172.16.10.254Vlan20: 172.16.20.254Vlan30: 172.16.30.254Access vlan10: 172.16.10.253Vlan20: 172.16.20.253Vlan30: 172.16.30.253服务器IP地址：192.168.30.1Office区域网段地址：PC1：192.168.10.1PC2：192.168.10.2路由器清空配置命令：enerase startup-configReload交换机清空配置命令：enerase startup-configdelete vlan.datReload加速命令：enconf tno ip domain lookupline con 0exec-timeout 0 0logging synhostname一、OFFICE 区域地址静态分配，防止 OFFICE 网络发生 ARP 攻击，不允许OFFICE 网段 PC 互访；STUDENTS 区域主机输入正确的学号和密码后接入网络，自动获取地址，阻止STUDENTS网段地址发生ARP攻击；1、基本配置SW1的配置：SW1(config)#vtp domain cisco //SW1配置vtp，模式为server，SW2模式为client SW1(config)#vtp password sovandSW1(config)#vtp mode serverSW1(config)#vlan 10SW1(config)#int range f0/3,f0/4 //链路捆绑SW1(config-if-range)#Channel-protocol pagpSW1(config-if-range)#Channel-group 10 mode onSW1(config)#int port-channel 10 //链路设置为trunk模式，封装802.1q协议，三层交换机默认没有封装该协议SW1(config-if)#switchport trunk encapsulation dot1qSW1(config-if)#switchport mode trunkSW2配置：SW2(config)#vtp domain ciscoSW2(config)#vtp password sovandSW2(config)#vtp mode clientSW2(config)#int range f0/3,f0/4SW2(config-if-range)#Channel-protocol pagpSW2(config-if-range)#Channel-group 10 mode onCreating a port-channel interface Port-channel 10SW2(config)#int port-channel 10SW2(config-if)#switchport trunk encapsulation dot1qSW2(config-if)#switchport mode trunkSW2(config)#int f0/1 //把f0/1,f0/2划入vlan10SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 10SW2(config-if)#int f0/2SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 102、vlan aclOffice区域禁止PC机互访：使用show int e0/0命令查看mac地址SW2(config)#mac access-list extended macaclSW2(config-ext-macl)#permit host 0007.8562.9de0 host 0007.8562.9c20 //要禁止双向通信SW2(config-ext-macl)#permit host 0007.8562.9c20 host 0007.8562.9de0SW2(config)#vlan access-map vmap 10 //禁止pc间的通信SW2(config-access-map)#match mac add macaclSW2(config-access-map)#action dropSW2(config)#vlan access-map vmap 20 //对其他数据放行，不然pc机无法ping通svi 口、网关SW2(config-access-map)#action forwardSW2(config)#vlan filter vmap vlan-list 10未使用VLAN ACL时pc1可以ping通pc2，如下图：使用VLAN ACL时pc1可以无法ping通pc2，如下图：3、Office区域静态配置ip地址时采用的ARP防护：配置如下：SW2(config)#ip arp inspection vlan 10SW2(config)#arp access-list arplistSW2(config-arp-nacl)#permit ip host 192.168.10.1 mac host 0007.8562.9de0 //ip 地址与mac地址对应表SW2(config-arp-nacl)#permit ip host 192.168.10.2 mac host 0007.8562.9c20SW2(config-arp-nacl)#ip arp inspection filter arplist vlan 10SW2(config)#int port-channel 10SW2(config-if)#ip arp inspection trust注意：配置静态arp防护（用户主机静态配置地址，不是通过DHCP获取地址），需要新建ip与mac映射表，不然pc1无法ping通svi口4、OSPF与DHCP全网起OSPF协议，使pc1可以ping通路由器。

Cisco路由器做DHCP和DNS服务器Cisco路由器作为网络设备的重要组成部分，除了实现数据转发和路由功能外，还可以承担DHCP（动态主机配置协议）和DNS（域名系统）服务器的角色。

本文将介绍如何在Cisco路由器上配置DHCP和DNS服务器，并详细解释其原理和作用。

一、概述在计算机网络中，DHCP和DNS是两个非常重要的网络协议。

DHCP协议用于自动分配IP地址给连接到网络的设备，而DNS协议则负责将域名解析为IP地址，以实现设备之间的通信。

二、Cisco路由器配置DHCP服务器1. 进入路由器的全局配置模式：```enableconfigure terminal```2. 创建一个IP地址池，指定可分配的IP地址范围、默认网关和DNS服务器：```ip dhcp pool POOL_NAMEnetwork NETWORK_ADDRESS SUBNET_MASKdefault-router DEFAULT_GATEWAYdns-server DNS_SERVER```其中，POOL_NAME为IP地址池的名称；NETWORK_ADDRESS 为网络地址；SUBNET_MASK为子网掩码；DEFAULT_GATEWAY为默认网关的IP地址；DNS_SERVER为DNS服务器的IP地址。

3. 指定DHCP租约的有效期：```lease DAY HOURS MINUTES```其中，DAY为天数，HOURS为小时数，MINUTES为分钟数。

4. 退出DHCP配置模式：```exit```5. 启用DHCP服务器：```service dhcp```三、Cisco路由器配置DNS服务器1. 进入路由器的全局配置模式：```enableconfigure terminal```2. 创建一个静态DNS解析：```ip host DOMAIN_NAME IP_ADDRESS```其中，DOMAIN_NAME为域名，IP_ADDRESS为对应的IP地址。

DHCP中继实验(cisco)最近看到大家经常由于DHCP的问题犯愁，为了让大家更明白的了解DHCP并且会配置，特此发这个贴相信大家认证看完对DHCP就会了如指掌1．配置DHCP Server（1）开启DHCP 功能r2(config)#service dhcp（2）配置DHCP 地址池r2(config)#ip dhcp poolccie1 地址池名为ccie1r2(dhcp-config)#network 10.1.1.0 255.255.255.0 可供客户端使用的地址段r2(dhcp-config)#default-router10.1.1.1 网关r2(dhcp-config)#dns-server 10.1.1.1 10.1.1.2 DNSr2(dhcp-config)#lease 1 11 租期为1 天1 小时1 分（默认为一天）r2(config)#ip dhcp poolccie2 地址池名为ccie1r2(dhcp-config)#network 20.1.1.0 255.255.255.0 可供客户端使用的地址段r2(dhcp-config)#default-router20.1.1.1 网关r2(dhcp-config)#dns-server 20.1.1.1 20.1.1.2 DNSr2(dhcp-config)#lease 1 11 租期为1 天1 小时1 分（默认一天）（3）去掉不提供给客户端的地址注：因为某些IP 地址不希望提供给客户端，比如网关地址，所以我们要将这些地址从地址池中移除，这样服务器就不会将这些地址发给客户端使用。

r2(config)#ip dhcp excluded-address10.1.1.1 10.1.1.10 移除10.1.1.1 到10.1.1.10r2(config)#ip dhcp excluded-address网段的地址发给客户，而不会错把20.1.1.0/24 网段的地址发给客户呢。

怎样配置以cisco 3560的DHCP1.同时为多个VLAN的客户机分配地址2.VLAN内有部分地址采用手工分配的方式3.为客户指定网关、Wins服务器等4.VLAN 2的地址租用有效期限为1天,其它为3天5.按MAC地址为特定用户分配指定的IP地址最终配置如下：ip dhcp excluded-address 10.1.1.1 10.1.1.19 //不用于动态地址分配的地址ip dhcp excluded-address 10.1.1.240 10.1.1.254ip dhcp excluded-address 10.1.2.1 10.1.2.19!ip dhcp pool global //global是pool name，由用户指定network 10.1.0.0 255.255.0.0 //动态分配的地址段domain-name //为客户机配置域后缀dns-server 10.1.1.1 10.1.1.2 //为客户机配置dns服务器netbios-name-server 10.1.1.5 10.1.1.6 //为客户机配置wins服务器netbios-node-type h-node //为客户机配置节点模式（影响名称解释的顺利,如h-node=先通过wins服务器解释...）lease 3 //地址租用期限: 3天ip dhcp pool vlan1network 10.1.1.0 255.255.255.0 //本pool是global的子pool, 将从global pool继承domain-name等optiondefault-router 10.1.1.100 10.1.1.101 //为客户机配置默认网关!ip dhcp pool vlan2 //为另一VLAN配置的poolnetwork 10.1.2.0 255.255.255.0default-router 10.1.2.100 10.1.2.101lease 1!ip dhcp pool vlan1_john //总是为MAC地址为...的机器分配...地址host 10.1.1.21 255.255.255.0client-identifier 010050.bade.6384 //client-identifier=01加上客户机网卡地址!ip dhcp pool vlan1_tomhost 10.1.1.50 255.255.255.0client-identifier 010010.3ab1.eac8相关的DHCP调试命令：no service dhcp //停止DHCP服务[默认为启用DHCP服务]sh ip dhcp binding //显示地址分配情况show ip dhcp conflict //显示地址冲突情况debug ip dhcp server {events | packets | linkage} //观察DHCP服务器工作情况如果DHCP客户机分配不到IP地址，常见的原因有两个。

Cisco交换机DHCP Snooping功能详述一、采用DHCP服务的常见问题架设DHCP服务器可以为客户端自动分配IP地址、掩码、默认网关、DNS服务器等网络参数，简化了网络配置，提高了管理效率。

但在DHCP服务的管理上存在一些问题，常见的有：●DHCP Server的冒充& 被过滤广告nbsp; ●DHCP Server的DOS攻击，如DHCP耗竭攻击●某些用户随便指定IP地址，造成IP地址冲突1、DHCP Server的冒充由于DHCP服务器和客户端之间没有认证机制，所以如果在网络上随意添加一台DHCP服务器，它就可以为客户端分配IP地址以及其他网络参数。

只要让该DHCP服务器分配错误的IP 地址和其他网络参数，那就会对网络造成非常大的危害。

2、DHCP Server的拒绝服务攻击通常DHCP服务器通过检查客户端发送的DHCP请求报文中的CHADDR（也就是Client MAC address）字段来判断客户端的MAC地址。

正常情况下该CHADDR字段和发送请求报文的客户端真实的MAC地址是相同的。

攻击者可以利用伪造MAC的方式发送DHCP请求，但这种攻击可以使用Cisco 交换机的端口安全特性来防止。

端口安全特性（Port Security）可以限制每个端口只使用唯一的MAC地址。

但是如果攻击者不修改DHCP请求报文的源MAC地址，而是修改DHCP报文中的CHADDR字段来实施攻击，那端口安全就不起作用了。

由于DHCP服务器认为不同的CHADDR值表示请求来自不同的客户端，所以攻击者可以通过大量发送伪造CHADDR的DHCP请求，导致DHCP服务器上的地址池被耗尽，从而无法为其他正常用户提供网络地址，这是一种DHCP耗竭攻击。

DHCP耗竭攻击可以是纯粹的DOS攻击，也可以与伪造的DHCP服务器配合使用。

当正常的DHCP服务器瘫痪时，攻击者就可以建立伪造的DHCP 服务器来为局域网中的客户端提供地址，使它们将信息转发给准备截取的恶意计算机。

Cisco实验：【DHCP配置】客户端跨⽹段通过DHCP服务器⾃动获取动态IP和固定IP地址模拟环境：R1为路由器e0/0接⼝和e0/1接⼝分别连接两个⽹段，e0/0连接⽤户区域，e0/1连接服务器区域；⽤户区域中SW1为接⼊层交换机，连接⼀台PC（R2模拟）和⼀台打印机（R5模拟）；服务器区域中连接⼀台DHCP服务器（R3模拟）；要求实现PC通过DHCP服务器⾃动获取动态IP地址，打印机通过DHCP服务器获取固定IP地址。

R2 模拟PC 获取100.1.1.0/24段内地址R5 模拟打印机获取100.1.1.200/24固定地址SW1 接⼊层交换机R1 路由器 e0/0：100.1.1.1/24；e0/1：13.1.1.1/24R3 模拟DHCP服务器 13.1.1.3/24*Cisco路由器模拟成PC，关闭路由选择协议 no ip routing，*指定⽹关 ip default-gateway x.x.x.xR1配置信息：Router>enableRouter#configure terminalRouter(config)#hostname R1R1(config)#interface ethernet 0/1R1(config-if)#ip address 13.1.1.1255.255.255.0R1(config-if)#no shutdownR1(config-if)#exitR1(config)#interface ethernet 0/0R1(config-if)#ip address 100.1.1.254255.255.255.0R1(config-if)#no shutdownR1(config-if)#ip helper-address 13.1.1.3//⽹关接⼝设置中继，实现将⽤户⽹段内的DHCP请求中继到服务器⽹段的DHCP服务器获取地址R3配置信息（DHCP Server）：Router>enableRouter#configure terminalRouter(config)#hostname ServerServer(config)#interface ethernet 0/0Server(config-if)#ip address 13.1.1.3255.255.255.0Server(config-if)#no shutdownServer(config)#service dhcp //开启DHCP服务Server(config)#ip dhcp pool CCIE //创建名为CCIE的地址池Server(dhcp-config)#network 100.1.1.0255.255.255.0//指定⽹段地址池为100.1.1.0/24Server(dhcp-config)#default-router 100.1.1.254//指定⽹关Server(dhcp-config)#dns-server 100.1.1.254//指定DNS服务器Server(dhcp-config)#domain-name //指定域名Server(dhcp-config)#lease 1030//修改租期，天时分，默认为1天Server#show run | section dhcp //查看DHCP配置信息ip dhcp pool CCIEnetwork 100.1.1.0255.255.255.0default-router 100.1.1.254dns-server 100.1.1.254domain-name lease 1030Server(config)#ip dhcp excluded-address 100.1.1.254100.1.1.254//排除范围地址不参与分配，从低地址-⾼地址的⼀个范围Server(config)#ip dhcp pool PrinterServer(dhcp-config)#host 100.1.1.200255.255.255.0//指定主机地址池Server(dhcp-config)#default-router 100.1.1.254Server(dhcp-config)#dns-server 100.1.1.254Server(dhcp-config)#domain-name Server(dhcp-config)#lease 300Server(dhcp-config)#client-identifier 01aa.bbcc.0050.00//指定客户端的ID，⽤于识别该地址分配到指定的设备；01+MAC地址⼩数点前移Server#show run | section dhcpip dhcp excluded-address 100.1.1.254ip dhcp pool CCIEnetwork 100.1.1.0255.255.255.0default-router 100.1.1.254dns-server 100.1.1.254domain-name lease 1030ip dhcp pool Printerhost 100.1.1.200255.255.255.0client-identifier 01aa.bbcc.0050.00default-router 100.1.1.254dns-server 100.1.1.254domain-name lease 3Server(config)#no ip routing //关闭路由协议，模拟成终端设备Server(config)#ip default-gateway 13.1.1.1//设置设备⽹关R2配置信息（PC）：Router>enableRouter#configure terminalRouter(config)#hostname PCPC(config)#no ip routing //关闭路由协议，模拟成终端设备PC(config)#interface ethernet 0/0PC(config-if)#ip address dhcp //DHCP获取地址PC(config-if)#no shutdownR5配置信息（Printer）：Router>enableRouter#configure terminalRouter(config)#hostname PrinterPrinter(config)#no ip routing //关闭路由协议，模拟成终端设备Printer(config)#interface ethernet 0/0Printer(config-if)#ip address dhcp client-id ethernet 0/0//DHCP⾃动获取地址，获取时出⽰连接接⼝的客户端ID⽤于匹配主机地址池中客户端ID Printer(config-if)#no shutdown。

如何设置Cisco路由器DHCP上网推荐文章cisco怎么设置用户名和密码热度：路由器设置端口映射方法是什么热度：双路由器时设置连接方法和单路由器一样吗热度：路由器UPNP是什么怎么设置热度：Linksys无线路由器怎么样设置热度：Cisco依靠自身的技术和对网络经济模式的深刻理解，成为了网络应用的成功实践者之一，那你知道如何设置Cisco路由器DHCP上网吗?下面是店铺整理的一些关于如何设置Cisco路由器DHCP上网的相关资料，供你参考。

DHCP是什么?DHCP(Dynamic Host Configuration Protocol，动态主机配置协议)是一个局域网的网络协议，使用UDP协议工作，主要有两个用途：给内部网络或网络服务供应商自动分配IP地址，给用户或者内部网络管理员作为对所有计算机作中央管理的手段，在RFC 2131中有详细的描述。

DHCP有3个端口，其中UDP67和UDP68为正常的DHCP服务端口，分别作为DHCP Server和DHCP Client的服务端口;546号端口用于DHCPv6 Client，而不用于DHCPv4，是为DHCP failover服务，这是需要特别开启的服务，DHCP failover是用来做“双机热备”的。

DHCP(Dynamic Host Configuration Protocol，动态主机配置协议)通常被应用在大型的局域网络环境中，主要作用是集中的管理、分配IP地址，使网络环境中的主机动态的获得IP地址、Gateway地址、DNS服务器地址等信息，并能够提升地址的使用率。

DHCP协议采用客户端/服务器模型，主机地址的动态分配任务由网络主机驱动。

当DHCP服务器接收到来自网络主机申请地址的信息时，才会向网络主机发送相关的地址配置等信息，以实现网络主机地址信息的动态配置。

DHCP具有以下功能：1. 保证任何IP地址在同一时刻只能由一台DHCP客户机所使用。