端口隔离

主机1可与路由器网关和主机2互通。

[Huawei-GigabitEthernet0/0/1]port-isolate enable group 1

[Huawei-GigabitEthernet0/0/2]port-isolate enable group 1

端口划分在一个端口隔离组里面，才会隔离。

[Huawei-GigabitEthernet0/0/3]port-isolate enable group 2

不在一个隔离组的客户端都可互通

-----------------------------------------------------------------------------------------------

DHCP嗅探

[DHCP]dhcp en

[DHCP]interface g0/0/2

[DHCP-GigabitEthernet0/0/2]ip address 192.168.1.1 24

[DHCP-GigabitEthernet0/0/2]dhcp select interface

[xiaomi]dhcp enable

[xiaomi]interface g0/0/1

[xiaomi-GigabitEthernet0/0/1]ip address 192.168.11.1 24

[xiaomi-GigabitEthernet0/0/1]dhcp select interface 

随机获取两个DHCP的地址。

配置思路：接入层上层朝着DHCP服务器方向的接口都为信任端口，下层用户接入都为非信任端口。

[Huawei]dhcp enable

[Huawei]dhcp snooping enable

[Huawei]dhcp snooping enable vlan 1

[Huawei-GigabitEthernet0/0/2]dhcp snooping trusted  //在对应上行接口进行信任

[Huawei]display dhcp snooping user-bind all   //查看动态学习的嗅探绑定表

DHCP Dynamic Bind-table:

Flags:O - outer vlan ,I - inner vlan ,P - map vlan

IP Address       MAC Address     VSI/VLAN(O/I/P) Interface      Lease           

--------------------------------------------------------------------------------

192.168.1.254    5489-9848-5cf3  1   /--  /--    GE0/0/1        2023.06.24-11:17

--------------------------------------------------------------------------------

print count:           1          total count:           1  

[Huawei]user-bind static  ip-address 192.168.2.2 mac-address aabb-ccdd-ffff inte

rface g0/0/4 vlan 1

//手动绑定dhcp嗅探表

[Huawei]display dhcp static user-bind all   //查看静态绑定表

DHCP static Bind-table:

Flags:O - outer vlan ,I - inner vlan ,P - map vlan

IP Address                      MAC Address     VSI/VLAN(O/I/P) Interface       

--------------------------------------------------------------------------------

192.168.2.2                     aabb-ccdd-ffff  1   /--  /--    GE0/0/4         

--------------------------------------------------------------------------------

print count:           1          total count:           1