94
Figure 31 Network diagram
Procedure
# Enable DHCP snooping globally.
<SwitchB> system-view
[SwitchB] dhcp snooping enable
# Configure GigabitEthernet 1/0/1 as a trusted port.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] dhcp snooping trust
[SwitchB-GigabitEthernet1/0/1] quit
# Enable recording clients' IP-to-MAC bindings on GigabitEthernet 1/0/2.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] dhcp snooping binding record
[SwitchB-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify that the DHCP client can obtain an IP address and other configuration parameters only from
the authorized DHCP server. (Details not shown.)
# Display the DHCP snooping entry recorded for the client.
[SwitchB] display dhcp snooping binding
Example: Configuring basic DHCP snooping features for a
VLAN
Network configuration
As shown in Figure 32, Switch B is connected to the authorized DHCP server through
GigabitEthernet 1/0/1, to the unauthorized DHCP server through GigabitEthernet 1/0/3, and to the
DHCP client through GigabitEthernet 1/0/2.
Configure only the port in VLAN 100 connected to the authorized DHCP server to forward the
responses from the DHCP server. Enable the port in VLAN 100 to record clients' IP-to-MAC bindings
by reading DHCP-ACK messages received from the trusted port and the DHCP-REQUEST
messages.
To Next Page
Loading...
Need help?
General