Configuration procedure, Ip filtering configuration example, Network requirements – H3C Technologies H3C S3600 Series Switches User Manual

4-12

Configuration procedure

# Enable DHCP snooping on the switch.

system-view

[Switch] dhcp-snooping

# Specify Ethernet 1/0/5 as the trusted port.

[Switch] interface ethernet 1/0/5

[Switch-Ethernet1/0/5] dhcp-snooping trust

[Switch-Ethernet1/0/5] quit

# Enable DHCP-snooping Option 82 support.

[Switch] dhcp-snooping information enable

# Set the remote ID sub-option in Option 82 to the system name (sysname) of the DHCP snooping

device.

[Switch] dhcp-snooping information remote-id sysname

# Set the circuit ID sub-option in DHCP packets from VLAN 1 to abcd on Ethernet 1/0/3.

[Switch] interface ethernet 1/0/3

[Switch-Ethernet1/0/3] dhcp-snooping information vlan 1 circuit-id string abcd

IP Filtering Configuration Example

Network requirements

As shown in

Figure 4-7

, Ethernet 1/0/1 of the S3600 switch is connected to the DHCP server and

Ethernet 1/0/2 is connected to Host A. The IP address and MAC address of Host A are 1.1.1.1 and

0001-0001-0001 respectively. Ethernet 1/0/3 and Ethernet 1/0/4 are connected to DHCP Client B and

Client C.

z

Enable DHCP snooping on the switch, and specify Ethernet 1/0/1 as the DHCP snooping trusted

port.

z

Enable IP filtering on Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 to prevent attacks to the

server from clients using fake source IP addresses.

z

Create static binding entries on the switch, so that Host A using a fixed IP address can access

external networks.