H3C Technologies H3C WX3000 Series Unified Switches User Manual

31-11

Figure 34-7

Network diagram for IP filtering configuration

Switch

DHCP Snooping

GE1/0/2

Client C

GE1/0/1

DHCP Server

Client B

Host A

IP:1.1.1.1

MAC:0001-0001-0001

GE1/0/3

GE1/0/4

Configuration procedure

# Enable DHCP snooping on Switch.

<Switch> system-view

[Switch] dhcp-snooping

# Specify GigabitEthernet 1/0/1 as the trusted port.

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] dhcp-snooping trust

[Switch-GigabitEthernet1/0/1] quit

# Enable IP filtering on GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 to filter
packets based on the source IP addresses/MAC addresses.

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] ip check source ip-address mac-address

[Switch-GigabitEthernet1/0/2] quit

[Switch] interface gigabitethernet 1/0/3

[Switch-GigabitEthernet1/0/3] ip check source ip-address mac-address

[Switch-GigabitEthernet1/0/3] quit

[Switch] interface gigabitethernet 1/0/4

[Switch-GigabitEthernet1/0/4] ip check source ip-address mac-address

[Switch-GigabitEthernet1/0/4] quit

# Create static binding entries on GigabitEthernet 1/0/2 of Switch.

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] ip source static binding ip-address 1.1.1.1 mac-address

0001-0001-0001

Displaying and Maintaining DHCP Snooping Configuration

To do…

Use the command…

Remarks

Display the user IP-MAC address mapping
entries recorded by the DHCP snooping
function

display dhcp-snooping

[ unit unit-id ]

Available in any
view