Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual
Page 248
13-7
Figure 13-3 Network diagram for configuring dynamic IP source guard binding
Configuration procedure
1) Configure
Switch
A
# Configure dynamic IP source guard binding function on port GigabitEthernet 2/0/1 to filter
packets based on both the source IP address and MAC address.
[SwitchA] interface gigabitethernet2/0/1
[SwitchA-GigabitEthernet2/0/1] ip check source ip-address mac-address
[SwitchA-GigabitEthernet2/0/1] quit
# Enable DHCP snooping.
[SwitchA] dhcp-snooping
# Configure the port connecting to the DHCP server as a trusted port.
[SwitchA] interface gigabitethernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] dhcp-snooping trust
[SwitchA-GigabitEthernet2/0/2] quit
2) Verify
the
configuration
# Check that the dynamic IP source guard binding function is configured successfully on port
GigabitEthernet 2/0/1.
[SwitchA] interface gigabitethernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] display this
#
interface GigabitEthernet2/0/1
port link-mode bridge
ip check source ip-address mac-address
#
return
# Display the dynamic IP source guard binding entries that port GigabitEthernet 2/0/1 has
obtained from DHCP snooping.
[SwitchA-GigabitEthernet2/0/1] display ip check source
Total entries found: 1
MAC IP Vlan Port Status
0001-0203-0406 192.168.0.1 1 GigabitEthernet 2/0/1
DHCP-SNP
# Display the dynamic entries of DHCP snooping and check it is identical with the dynamic
entries that port GigabitEthernet 2/0/1 has obtained.
[SwitchA-GigabitEthernet2/0/1] display dhcp-snooping
DHCP Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Type IP Address MAC Address Lease VLAN Interface
==== =============== ============== ============ ==== =================
D 192.168.0.1 0001-0203-0406 86335 1 GigabitEthernet2/0/1