Operation Manual – DHCP
H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration
2-18
[Sysname-Ethernet1/0/2] dhcp-snooping server-guard enable
# Specify the method for handling unauthorized DHCP servers as trap on Ethernet
1/0/2.
[Sysname-Ethernet1/0/2] dhcp-snooping server-guard method trap
[Sysname-Ethernet1/0/2] quit
# Enable unauthorized DHCP server detection on Ethernet 1/0/3.
[Sysname] interface ethernet1/0/3
[Sysname-Ethernet1/0/3] dhcp-snooping server-guard enable
# Specify the method for handling unauthorized DHCP servers as shutdown on
Ethernet 1/0/3..
[Sysname-Ethernet1/0/3] dhcp-snooping server-guard method shutdown
2.5.3 IP Filtering Configuration Example
I. Network requirements
As shown in Figure 2-8, Ethernet1/0/1 of the S3100-EI switch is connected to DHCP
server and Ethernet1/0/2 is connected to Host A. The IP address and MAC address of
Host A are 1.1.1.1 and 0001-0001-0001 respectively. Ethernet1/0/3 and Ethernet1/0/4
is connected to DHCP Client B and Client C.
z Enable DHCP snooping on the switch, and specify Ethernet1/0/1 as the DHCP
snooping trusted port.
z Enable IP filtering on Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to prevent
attacks to the server from clients using fake source IP addresses.
z Create static binding entries on the switch, so that Host A using a fixed IP address
can access the external network.
To Next Page
Loading...
