Network requirements, Configuration procedure, Verifying the configuration – H3C Technologies H3C S6300 Series Switches User Manual
Page 333
318
IP Address MAC Address Interface VLAN Type
192.168.0.1 0001-0203-0406 N/A N/A Static
N/A 0001-0203-0407 XGE1/0/1 N/A Static
Dynamic IPv4 source guard using DHCP snooping
configuration example
Network requirements
As shown in
, the host (the DHCP client) obtains an IP address from the DHCP server.
Enable DHCP snooping on the device to record the IPv4 address and the MAC address of the host in a
DHCP snooping entry.
Enable dynamic IPv4 source guard on Ten-GigabitEthernet 1/0/1 to filter received packets based on
DHCP snooping entries, allowing only packets from the client that obtains an IP address from the DHCP
server to pass.
Figure 103 Network diagram
Configuration procedure
1.
Configure the DHCP server.
For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide.
2.
Configure the Switch:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
[Switch] dhcp snooping enable
# Configure Ten-GigabitEthernet 1/0/2 as a trusted interface.
[Switch] interface ten-gigabitethernet 1/0/2
[Switch-Ten-GigabitEthernet1/0/2] dhcp snooping trust
[Switch-Ten-GigabitEthernet1/0/2] quit
# Enable IPv4 source guard on Ten-GigabitEthernet 1/0/1 and verify the source IP address and
MAC address for dynamic IP source guard.
[Switch] interface ten-gigabitethernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] ip verify source ip-address mac-address
# Enable recording of client information in DHCP snooping entries on Ten-GigabitEthernet 1/0/1.
[Switch-Ten-GigabitEthernet1/0/1] dhcp snooping binding record
[Switch-Ten-GigabitEthernet1/0/1] quit
Verifying the configuration
# Display dynamic IPv4 source guard binding entries obtained from DHCP snooping.
[Switch] display ip source binding dhcp-snooping