Datacenter setup to prevent ARP spoofing and IP theft.

Requirement: every machine gets its own VLAN, and no public IPs may be wasted. Block allocated by the datacenter: 1.1.1.0/28.

Log in to the router and create the VLANs. ether3 is the port that connects to the switch. Create as many VLANs as there are IPs.

    /interface vlan
    # one VLAN per public IP, all carried on the link to the switch
    add interface=ether3 name=vlan100 vlan-id=100
    add interface=ether3 name=vlan101 vlan-id=101
    add interface=ether3 name=vlan102 vlan-id=102
    add interface=ether3 name=vlan103 vlan-id=103
    add interface=ether3 name=vlan104 vlan-id=104
    add interface=ether3 name=vlan105 vlan-id=105
    add interface=ether3 name=vlan106 vlan-id=106
    add interface=ether3 name=vlan107 vlan-id=107
    add interface=ether3 name=vlan108 vlan-id=108
    add interface=ether3 name=vlan109 vlan-id=109
    add interface=ether3 name=vlan110 vlan-id=110
    add interface=ether3 name=vlan111 vlan-id=111
    add interface=ether3 name=vlan112 vlan-id=112
    add interface=ether3 name=vlan113 vlan-id=113
    add interface=ether3 name=vlan114 vlan-id=114
    add interface=ether3 name=vlan115 vlan-id=115

Add the gateway IP. Just use .254 of the allocated range; it is a fake gateway anyway. Then apply it to every VLAN.

    /ip address
    # the same gateway address is bound to every VLAN interface
    add address=1.1.1.254 interface=vlan100 network=1.1.1.254
    add address=1.1.1.254 interface=vlan101 network=1.1.1.254
    add address=1.1.1.254 interface=vlan102 network=1.1.1.254
    add address=1.1.1.254 interface=vlan103 network=1.1.1.254
    add address=1.1.1.254 interface=vlan104 network=1.1.1.254
    add address=1.1.1.254 interface=vlan105 network=1.1.1.254
    add address=1.1.1.254 interface=vlan106 network=1.1.1.254
    add address=1.1.1.254 interface=vlan107 network=1.1.1.254
    add address=1.1.1.254 interface=vlan108 network=1.1.1.254
    add address=1.1.1.254 interface=vlan109 network=1.1.1.254
    add address=1.1.1.254 interface=vlan110 network=1.1.1.254
    add address=1.1.1.254 interface=vlan111 network=1.1.1.254
    add address=1.1.1.254 interface=vlan112 network=1.1.1.254
    add address=1.1.1.254 interface=vlan113 network=1.1.1.254
    add address=1.1.1.254 interface=vlan114 network=1.1.1.254
    add address=1.1.1.254 interface=vlan115 network=1.1.1.254

Log in to the switch and configure the port that connects to the router as a trunk.

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ vlan100 vlan101 vlan102 vlan103 vlan104 vlan105 vlan106 vlan107 vlan108 vlan109 vlan110 vlan111 vlan112 vlan113 vlan114 vlan115 ];
                    }
                }
            }
        }
    }

    top
    edit vlans
    set vlan100 vlan-id 100
    set vlan101 vlan-id 101
    set vlan102 vlan-id 102
    set vlan103 vlan-id 103
    set vlan104 vlan-id 104
    set vlan105 vlan-id 105
    set vlan106 vlan-id 106
    set vlan107 vlan-id 107
    set vlan108 vlan-id 108
    set vlan109 vlan-id 109
    set vlan110 vlan-id 110
    set vlan111 vlan-id 111
    set vlan112 vlan-id 112
    set vlan113 vlan-id 113
    set vlan114 vlan-id 114
    set vlan115 vlan-id 115

Set the VLAN on each server-facing port. ge-0/0/2 has one server connected.

    top
    set vlans vlan100 interface ge-0/0/2
    commit

Then go back to the router and assign IPs to the server on switch port 2. For example, 1.1.1.2-1.1.1.5 go to the machine in VLAN 100.

    /ip route
    # host routes: each assigned IP is reachable only through its own VLAN
    add distance=1 dst-address=1.1.1.2/32 gateway=vlan100
    add distance=1 dst-address=1.1.1.3/32 gateway=vlan100
    add distance=1 dst-address=1.1.1.4/32 gateway=vlan100
    add distance=1 dst-address=1.1.1.5/32 gateway=vlan100

Then configure the IP on the server (address, netmask, gateway):

    IP: 1.1.1.2 255.255.255.0 1.1.1.1

It is then ready to use. ARP spoofing is not possible, and the server cannot steal other unassigned IPs.
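The protection above depends on the per-IP host routes being consistent: every IP routed to exactly one VLAN and nothing outside the allocated block. The following added example (not from the original post) generates the RouterOS lines from an allocation plan and rejects inconsistent plans; the function name `build_config` and the plan format are assumptions made for illustration.

```python
import ipaddress

ALLOCATED = ipaddress.ip_network("1.1.1.0/28")  # block named in the post
GATEWAY = ipaddress.ip_address("1.1.1.254")     # shared "fake" gateway from the post
UPLINK = "ether3"                               # router port facing the switch

def build_config(plan, allocated=ALLOCATED, gateway=GATEWAY, uplink=UPLINK):
    """plan maps VLAN id -> list of IPs for the server in that VLAN (hypothetical format).

    Returns RouterOS command lines in the layout used in the post.
    Raises ValueError if an IP is outside the block, equals the gateway,
    or is assigned to more than one VLAN.
    """
    owner = {}  # ip -> vlan id, used to detect double assignment
    for vid, ips in sorted(plan.items()):
        if not 1 <= vid <= 4094:
            raise ValueError(f"invalid VLAN id {vid}")
        for raw in ips:
            ip = ipaddress.ip_address(raw)
            if ip not in allocated:
                raise ValueError(f"{ip} is outside {allocated}")
            if ip == gateway:
                raise ValueError(f"{ip} is the gateway address")
            if ip in owner:
                raise ValueError(f"{ip} already routed to vlan{owner[ip]}")
            owner[ip] = vid
    vlans = sorted(plan)
    lines = ["/interface vlan"]
    lines += [f"add interface={uplink} name=vlan{v} vlan-id={v}" for v in vlans]
    lines.append("/ip address")
    lines += [f"add address={gateway} interface=vlan{v} network={gateway}" for v in vlans]
    lines.append("/ip route")
    # one /32 host route per assigned IP, pointing at the owning VLAN only
    lines += [f"add distance=1 dst-address={ip}/32 gateway=vlan{v}"
              for ip, v in sorted(owner.items())]
    return lines

if __name__ == "__main__":
    # constructed sample plan: VLAN 100 as in the post, VLAN 101 made up
    sample = {100: ["1.1.1.2", "1.1.1.3", "1.1.1.4", "1.1.1.5"], 101: ["1.1.1.6"]}
    print("\n".join(build_config(sample)))
```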
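Unless otherwise noted, all articles on this blog are original. Author: 樱木. When copying or reposting, please credit the source with a hyperlink to EFE.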