1. 在LSW1创建VLAN,将接口加入到VLAN中;并配置DHCP服务器功能
[LSW1]vlan batch 10
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW1]dhcp enable
[LSW1]int Vlanif 10
[LSW1-Vlanif10]ip add 10.1.1.10 24
[LSW1-Vlanif10]dhcp select interface
2. 在LSW2上创建VLAN,并将接口加入到VLAN中
[LSW2]vlan batch 10
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 10
[LSW2-GigabitEthernet0/0/2]port link-type access
[LSW2-GigabitEthernet0/0/2]port default vlan 10
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10
3. 在PC上选择DHCP模式获取地址后,查看获得地址
4. 在LSW2上配置DHCP Snooping功能,PC1和PC2之间可以相互Ping通,PC2上会生成DHCP Snooping动态绑定表
[LSW2]dhcp enable
[LSW2]dhcp snooping enable
[LSW2-vlan10]dhcp snooping enable
[LSW2-GigabitEthernet0/0/3]dhcp snooping trusted
5. 在LSW2上配置端口隔离,PC1和PC2之间不能相互Ping通
[LSW2]port-isolate mode l2
[LSW2-GigabitEthernet0/0/1]port-isolate enable
[LSW2-GigabitEthernet0/0/2]port-isolate enable
6. 在LSW1上使能VLAN内Proxy ARP功能,PC1和PC2之间可以相互Ping通
[LSW1]int Vlanif 10
[LSW1-Vlanif10]arp-proxy inner-sub-vlan-proxy enable
7. 在LSW2上使能出口ARP检测EAI功能,
[LSW2]vlan 10
[LSW2-vlan10]dhcp snooping arp security enable
8. 在LSW2上使能端口隔离后ARP报文转发功能
[LSW2-vlan10]dhcp snooping arp security isolate-forwarding-trust
