407
• Enable DHCP snooping on the switch to make sure the DHCP client obtains an IP address from
the authorized DHCP server. To generate a DHCP snooping entry for the DHCP client, enable
recording of client information in DHCP snooping entries.
• Enable dynamic IPv4SG on GigabitEthernet 1/0/1 to filter incoming packets by using the
IPv4SG bindings generated based on DHCP snooping entries. Only packets from the DHCP
client are allowed to pass.
Figure 118 Network diagram
Configuration procedure
1. Configure the DHCP server.
For information about DHCP server configuration, see Layer 3—IP Services Configuration
Guide.
2. Configure the switch:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
<Switch> system-view
[Switch] dhcp snooping enable
# Configure GigabitEthernet 1/0/2 as a trusted interface.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] dhcp snooping trust
[Switch-GigabitEthernet1/0/2] quit
# Enable IPv4SG on GigabitEthernet 1/0/1 and verify the source IP address and MAC address
for dynamic IPSG.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] ip verify source ip-address mac-address
# Enable recording of client information in DHCP snooping entries on GigabitEthernet 1/0/1.
[Switch-GigabitEthernet1/0/1] dhcp snooping binding record
[Switch-GigabitEthernet1/0/1] quit
Verifying the configuration
# Verify that a dynamic IPv4SG binding is generated based on a DHCP snooping entry
[Switch] display ip source binding dhcp-snooping
Total entries found: 1
IP Address MAC Address Interface VLAN Type
192.168.0.1 0001-0203-0406 GE1/0/1 1 DHCP snooping
Dynamic IPv4SG using DHCP relay agent configuration
example
Network requirements
As shown in Figure 119, DHCP relay agent is enabled on the switch. The host obtains an IP address
from the DHCP server through the DHCP relay agent.
Host
MAC: 0001-
0203
-0406
Switch
DHCP server
GE1/0/1
GE1
/0
/
2
DHCP snoopingDHCP client
To Next Page
Loading...
Need help?
General