vlan跳跃攻击打双层标记配置端口为access端口trunk模式最好是on关闭trunknegotiation本证vlan使用不用的vlan号配置trunk链路要设置允许哪些vlan通过交换机的aclipaclmacaclvlanacl配置access-list100permitip10.1.9.00.0.0.255anymacaccess-listextende

mac泛红攻击端口安全配置intf0/1descriptionaccessportswitchportmodeaccessswitchportaccessvlan2swichportport-securityswitchportport-securitymaximum2swichportport-securitymac-address0000.1111.2222switchportport-securitymac-address0000.11

交换机综合实验sw2:vlan10intf1/1swaccvlan10intvlan10ipadd192.168.1.1255.255.255.0sw4:vlan20intf1/1swmoaccswaccvlan20intvlan20ipadd192.168.2.1255.255.255.0r5:intlo0ipadd200.1.1.1255.255.255.0intf0/0noshipadd15.1.

dhcp欺骗dhcpsnooping原理：一启用后，可以将交换机的端口分为trusted接口和untrusted接口，默认在交换机上启用后，所有接口变为untrusted接口，需要手工设置trunsted接口。对于untrusted接口，只能收到dhcp请求消息，drop掉dhcp的相应消息，并且也不会向这个接口发送出dhcp的请求消息。对于