ネットワーク備忘録

アラフォーエンジニアのネットワーク系の備忘録。twitter:@deigo25374582

JUNOS_DHCP_SNOOPING

cisco juniper

DHCP Relayもやったので、せっかくだからDHCP Snoopingの設定

まずはCiscoで確認

 

[DHCP SV]----vlan100----[gi1/0/1][Cat3750][gi1/0/2]----vlan200----[PC]

上記で確認

まずはDHCP Serverの設定

subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.2 192.168.100.6;

 

 

 そして、Ciscoの設定(STPは無効)

ip dhcp snooping vlan 200
ip dhcp snooping

 !
interface GigabitEthernet1/0/1
switchport access vlan 100
switchport mode access
ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
switchport access vlan 200
switchport mode access
!
interface Vlan100
ip address 172.16.6.254 255.255.255.0
!
interface Vlan200
ip address 192.168.100.254 255.255.255.0
ip helper-address 172.16.6.100
!

 

PCでアドレス取得後にCiscoで確認

show ip dhcp snooping binding
MacAddress    IpAddress  Lease(sec) Type    VLAN Interface
------------------    ---------------  ---------- -------------   ---- --------------------
3C:97:0E:XX:XX:XX 192.168.100.3 42697 dhcp-snooping 200 GigabitEthernet1/0/2
Total number of bindings: 1 

 

これと同様にJUNOSでやってみる。

[DHCP SV]----vlan100----[gi1/0/0][EX4200][gi1/0/1]----vlan200----[PC]

ただし、今回の検証機はJUNOSのVersionが11.1のため、以前のようなDHCP Relayの投入方式ではないので、その点だけ注意

set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members v100
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members v200

set vlans v100 vlan-id 100
set vlans v100 l3-interface vlan.100
set vlans v200 vlan-id 200
set vlans v200 l3-interface vlan.200

set interfaces vlan unit 100 family inet address 172.16.6.254/24
set interfaces vlan unit 200 family inet address 192.168.100.254/24
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 dhcp-trusted
set forwarding-options helpers bootp server 172.16.6.100
set forwarding-options helpers bootp interface vlan.200
set ethernet-switching-options secure-access-port vlan v200 examine-dhcp

確認

# run show dhcp snooping binding
DHCP Snooping Information:
MAC address     IP address Lease(seconds) Type VLAN Interface
3C:97:0E:XX:XX:XX 192.168.100.3 42997    dynamic v200 ge-0/0/1.0