Configuring the global identity information – H3C Technologies H3C S12500-X Series Switches User Manual
Page 225
213
IP Address MAC Address Interface VLAN Type
192.168.0.1 0001-0203-0406 N/A N/A Static
N/A 0001-0203-0407 XGE1/0/1 N/A Static
295B
Dynamic IPv4 source guard using DHCP snooping
configuration example
517B
Network requirements
As shown in
915H
Figure 65
, the host (the DHCP client) is connected to Ten-GigabitEthernet 1/0/1 of the
device, and obtains an IP address from the DHCP server. The DHCP server is connected to
Ten-GigabitEthernet 1/0/2 of the device.
Enable DHCP snooping on the device, so that the host can obtain an IPv4 address from the valid DHCP
server and the IPv4 address and the MAC address of the host can be recorded in a DHCP snooping
entry.
Enable dynamic IPv4 source guard on Ten-GigabitEthernet 1/0/1 to filter received packets based on
DHCP snooping entries, allowing only packets from a client that obtains an IP address from the DHCP
server to pass.
Figure 65 Network diagram
518B
Configuration procedure
1.
Configure the DHCP server:
For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide.
2.
Configure DHCP snooping on the device:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
<Switch> system-view
[Switch] dhcp snooping enable
# Configure Ten-GigabitEthernet 1/0/2 as a trusted interface.
[Switch] interface ten-gigabitethernet 1/0/2
[Switch-Ten-GigabitEthernet1/0/2] dhcp snooping trust
[Switch-Ten-GigabitEthernet1/0/2] quit
3.
Enable IPv4 source guard on Ten-GigabitEthernet 1/0/1 to filter packets based on both the source
IP address and the MAC address, and enable recording of client information in DHCP snooping
entries on this interface:
[Switch] interface ten-gigabitethernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] ip verify source ip-address mac-address
[Switch-Ten-GigabitEthernet1/0/1] dhcp snooping binding record
[Switch-Ten-GigabitEthernet1/0/1] quit