IP Source Guard Configuration Examples 181
Network diagram
Figure 48 Network diagram for configuring dynamic binding
Configuration procedure
1 Configure Switch A
# Configure dynamic binding on port GigabitEthernet1/0/1.
<SwitchA> system-view
[SwitchA] interface GigabitEthernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] ip check source ip-address mac-address
[SwitchA-GigabitEthernet1/0/1] quit
# Enable DHCP snooping on Switch A.
[SwitchA] dhcp-snooping
# Configure port GigabitEthernet1/0/2 connected to the DHCP server as a trusted
port.
[SwitchA] interface GigabitEthernet1/0/2
[SwitchA-GigabitEthernet1/0/2] dhcp-snooping trust
[SwitchA-GigabitEthernet1/0/2] quit
2 Verify the configuration
# Display the dynamic binding entries that port GigabitEthernet1/0/1 has obtained
from DHCP Snooping.
<SwitchA> display ip check source
The following user address bindings have been configured:
MAC IP Vlan Port Status
0001-0203-0406 192.168.0.1 1 GigabitEthernet1/0/1 DHCP-SNP
-----------------1 binding entries queried, 1 listed------------------
# Display the dynamic entries of DHCP Snooping and check it is identical with the
dynamic entries that port GigabitEthernet1/0/1 has obtained.
<SwitchA> display dhcp-snooping
DHCP Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Type IP Address MAC Address Lease VLAN Interface
==== =============== ============== ============ ==== =================
D 192.168.0.1 0001-0203-0406 86335 1 GigabitEthernet1/0/1
As you see, port GigabitEthernet1/0/1 has obtained the dynamic entries generated
by DHCP Snooping after it is configured with dynamic binding function.
Client A Switch A DHCP serve
GE1/0/1 GE1/0 /2
To Next Page
Loading...
