260
[Device-GigabitEthernet1/0/1] quit
Verification
# Display the dynamic IPv4 source guard binding entries generated on port GigabitEthernet 1/0/1.
[Device-GigabitEthernet1/0/1] display ip check source
Total entries found: 1
MAC Address IP Address VLAN Interface Type
0001-0203-0406 192.168.0.1 1 GE1/0/1 DHCP-SNP
# Display DHCP snooping entries to see whether they are consistent with the dynamic entries generated
on GigabitEthernet 1/0/1.
[Device-GigabitEthernet1/0/1] display dhcp-snooping
DHCP Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Type IP Address MAC Address Lease VLAN Interface
==== =============== ============== ============ ==== =================
D 192.168.0.1 0001-0203-0406 86335 1 GigabitEthernet1/0/1
The output shows that a dynamic IPv4 source guard entry has been generated based on the DHCP
snooping entry.
Dynamic IPv4 source guard binding by DHCP relay
configuration example
Network requirements
As shown in Figure 80, the switch connects the host and the DHCP server through interfaces VLAN-
interface 100 and VLAN-interface 200 respectively. DHCP relay is enabled on the switch. The host (with
the MAC address 0001-0203-0406) obtains an IP address from the DHCP server through the DHCP relay
agent.
Enable the dynamic IPv4 source guard binding function on interface VLAN-interface 100 to filter packets
based on DHCP relay entries.
Figure 80 Network diagram for configuring dynamic IPv4 source guard binding through DHCP relay
Switch
Vlan-int 100
Vlan-int 200
10.1.1.1/24
Host
MAC: 0001-0203-0406
DHCP serverDHCP relay agentDHCP client
Configuration procedure
1. Configure the dynamic IPv4 source guard binding function
# Configure the IP addresses of the interfaces. (details not shown)
# Configure the dynamic IPv4 source guard binding function on VLAN-interface 100 to filter packets
based on both the source IP address and MAC address.
<Switch> system-view
[Switch] vlan 100
To Next Page
Loading...
Need help?
General