Dynamic Ipv4 Source Guard Using Dhcp Relay Configuration Example - HP 6125G Configuration Manual

Dynamic IPv4 source guard using DHCP relay configuration
example
Network requirements
As shown in
VLAN-interface 100 and VLAN-interface 200 respectively. DHCP relay is enabled on the switch. The host
(with the MAC address of 0001-0203-0406) obtains an IP address from the DHCP server through the
DHCP relay agent.
Enable the IPv4 source guard function on the switch's VLAN-interface 100 to filter packets based on the
DHCP relay entry, allowing only packets from clients that obtain IP addresses from the DHCP server to
pass.
Figure 71 Network diagram
Configuration procedure
Configure the IPv4 source guard function:
1.
# Configure the IP addresses of the interfaces. (Details not shown.)
# Configure the IPv4 source guard function on VLAN-interface 100 to filter packets based on both
the source IP address and MAC address.
<Switch> system-view
[Switch] vlan 100
[Switch-Vlan100] quit
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] ip verify source ip-address mac-address
[Switch-Vlan-interface100] quit
Configure the DHCP relay agent:
2.
# Enable the DHCP service.
[Switch] dhcp enable
# Configure the IP address of the DHCP server.
[Switch] dhcp relay server-group 1 ip 10.1.1.1
# Configure VLAN-interface 100 to operate in DHCP relay mode.
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] dhcp select relay
# Correlate VLAN-interface 100 with DHCP server group 1.
[Switch-Vlan-interface100] dhcp relay server-select 1
[Switch-Vlan-interface100] quit
Verifying the configuration
# Display the generated IPv4 source guard entries.
[Switch] display ip source binding
Figure 71, the host and the DHCP server are connected to the switch through interfaces
232