HP 6125G Configuration Manual page 241
Security configuration guide
Hide thumbs
Also See for 6125G:
- Command reference manual (426 pages) ,
- Configuration manual (379 pages) ,
- Release note (60 pages)
Table of Contents
Advertisement
Figure 70 Network diagram
Configuration procedure
Configure DHCP snooping.
1.
# Enable DHCP snooping.
<Device> system-view
[Device] dhcp-snooping
# Configure port GigabitEthernet 1/0/2, which is connected to the DHCP server, as a trusted
port.
[Device] interface gigabitethernet1/0/2
[Device-GigabitEthernet1/0/2] dhcp-snooping trust
[Device-GigabitEthernet1/0/2] quit
Configure the IPv4 source guard function.
2.
# Configure the IPv4 source guard function on port GigabitEthernet 1/0/1 to filter packets based
on both the source IP address and MAC address.
[Device] interface gigabitethernet1/0/1
[Device-GigabitEthernet1/0/1] ip verify source ip-address mac-address
[Device-GigabitEthernet1/0/1] quit
Verifying the configuration
# Display the IPv4 source guard entries generated on port GigabitEthernet 1/0/1.
[Device] display ip source binding
Total entries found: 1
MAC Address
0001-0203-0406
# Display DHCP snooping entries to see whether they are consistent with the dynamic entries generated
on GigabitEthernet 1/0/1.
[Device] display dhcp-snooping
DHCP snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static , R--Recovering
Type IP Address
==== =============== ============== ============ ==== ===== =================
D
192.168.0.1
---
1 dhcp-snooping item(s) found
The output shows that a dynamic IPv4 source guard entry has been generated based on the DHCP
snooping entry.
IP Address
VLAN
192.168.0.1
1
MAC Address
Lease
0001-0203-0406 86335
231
Interface
GE1/0/1
VLAN SVLAN Interface
1
N/A
---
Type
DHCP-SNP
GigabitEthernet1/0/1
Advertisement
Table of Contents
Troubleshooting
