Dynamic Ipv4 Source Guard Using Dhcp Snooping Configuration Example - HP FlexFabric 5930 Series Security Configuration Manual

Verifying the configuration
# Display static IPv4 source guard binding entries on Switch A. The output shows that the static IPv4
source guard binding entries are configured successfully.
<SwitchA> display ip source binding static
Total entries found: 2
IP Address
192.168.0.1
192.168.0.3
# Display static IPv4 source guard binding entries on Switch B. The output shows that the static IPv4
source guard binding entries are configured successfully.
<SwitchB> display ip source binding static
Total entries found: 2
IP Address
192.168.0.1
N/A
Dynamic IPv4 source guard using DHCP snooping
configuration example
Network requirements
As shown in
obtains an IP address from the DHCP server.
Enable DHCP snooping on the device to record the IPv4 address and the MAC address of the host in a
DHCP snooping entry.
Enable dynamic IPv4 source guard on FortyGigE 1/0/1 to filter received packets based on DHCP
snooping entries, allowing only packets from the client that obtains an IP address from the DHCP server
to pass.
Figure 43 Network diagram
Configuration procedure
1. Configure the DHCP server.
For more information about DHCP server configuration, see Layer 3—IP Services Configuration
Guide.
2. Configure DHCP snooping on the Switch:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
<Switch> system-view
[Switch] dhcp snooping enable
MAC Address
0001-0203-0405 FGE1/0/2
0001-0203-0406 FGE1/0/1
MAC Address
0001-0203-0406 N/A
0001-0203-0407 FGE1/0/1
Figure 43, the host (the DHCP client) is connected to FortyGigE 1/0/1 of the device, and
Interface
Interface
149
VLAN Type
N/A Static
N/A Static
VLAN Type
N/A Static
N/A Static