Dynamic Ipv4 Source Guard Using Dhcp Snooping Configuration Example - HP 5920 Series Configuration Manual

Dynamic IPv4 source guard using DHCP snooping
configuration example
Network requirements
As shown in
Enable DHCP snooping on the device to record the IPv4 address and the MAC address of the host in a
DHCP snooping entry.
Enable dynamic IPv4 source guard on Ten-GigabitEthernet 1/0/1 to filter received packets based on
DHCP snooping entries, allowing only packets from the client that obtains an IP address from the DHCP
server to pass.
Figure 106 Network diagram
Configuration procedure
1. Configure the DHCP server.
For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide.
2. Configure the Switch:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
<Switch> system-view
[Switch] dhcp snooping enable
# Configure Ten-GigabitEthernet 1/0/2 as a trusted interface.
[Switch] interface ten-gigabitethernet 1/0/2
[Switch-Ten-GigabitEthernet1/0/2] dhcp snooping trust
[Switch-Ten-GigabitEthernet1/0/2] quit
# Enable IPv4 source guard on Ten-GigabitEthernet 1/0/1 and verify the source IP address and
MAC address for dynamic IP source guard.
[Switch] interface ten-gigabitethernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] ip verify source ip-address mac-address
# Enable recording of client information in DHCP snooping entries on Ten-GigabitEthernet 1/0/1.
[Switch-Ten-GigabitEthernet1/0/1] dhcp snooping binding record
[Switch-Ten-GigabitEthernet1/0/1] quit
Verifying the configuration
# Display dynamic IPv4 source guard binding entries obtained from DHCP snooping.
[Switch] display ip source binding dhcp-snooping
Total entries found: 1
IP Address
192.168.0.1
Figure 106, the host (the DHCP client) obtains an IP address from the DHCP server.
MAC Address
0001-0203-0406 XGE1/0/1
Interface
322
VLAN Type
1 DHCP snooping