Configuration procedure, Troubleshooting ip source guard, Symptom – H3C Technologies H3C S7500E Series Switches User Manual

13-10

Configuration procedure

1) Configure

Switch

A

# Configure the IP addresses of the interfaces (omitted).

# Configure dynamic IP source guard binding function on VLAN-interface 100 to filter packets

based on both the source IP address and MAC address.

system-view

[SwitchA] vlan 100

[SwitchA-Vlan100] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip check source ip-address mac-address

[SwitchA-Vlan-interface100] quit

# Enable DHCP Relay.

[SwitchA] dhcp enable

# Configure the IP address of the DHCP server.

[SwitchA] dhcp relay server-group 1 ip 10.1.1.1

# Configure VLAN-interface 100 to work in DHCP relay mode.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] dhcp select relay

# Correlate VLAN-interface 100 with DHCP server group 1.

[SwitchA-Vlan-interface100] dhcp relay server-select 1

2) Verify

the

configuration

# Display the generated dynamic IP source guard binding entries.

[SwitchA] display ip check source

Total entries found: 1

MAC IP Vlan Port Status

0001-0203-0406 192.168.0.1 100 Vlan-interface100 DHCP-RLY

Troubleshooting IP Source Guard

Can Configure Neither Static Binding Entries nor the Dynamic Binding Function

Symptom

Configuring static binding entries and the dynamic binding function fails on a port.

Analysis

IP source guard is not supported on a port that is in an aggregation group.

Solution

Remove the port from the aggregation group.