Dynamic Ipv4 Source Guard Using Dhcp Relay Configuration Example - HP 5120 SI Series Security Configuration Manual
Hide thumbs
Also See for 5120 SI Series:
- Command reference manual (395 pages) ,
- Installation manual (48 pages) ,
- Specification (33 pages)
Table of Contents
Advertisement
D
192.168.0.1
The output shows that a dynamic IPv4 source guard entry has been generated based on the DHCP
snooping entry.
Dynamic IPv4 source guard using DHCP relay configuration
example
Network requirements
As shown in
VLAN-interface 100 and VLAN-interface 200, respectively. DHCP relay is enabled on the switch. The
host (with the MAC address 0001-0203-0406) obtains an IP address from the DHCP server through
DHCP relay.
Enable the dynamic IPv4 source guard on interface VLAN-interface 100 to filter packets based on DHCP
relay entries.
Figure 102 Network diagram
Configuration procedure
1.
Configure the dynamic IPv4 source guard
# Configure the IP addresses of the interfaces. (Omitted)
# Configure dynamic IPv4 source guard on VLAN-interface 100 to filter packets based on both the
source IP address and MAC address.
<Switch> system-view
[Switch] vlan 100
[Switch-Vlan100] quit
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] ip check source ip-address mac-address
[Switch-Vlan-interface100] quit
2.
Configure DHCP relay
# Enable DHCP relay.
[Switch] dhcp enable
# Configure the IP address of the DHCP server.
[Switch] dhcp relay server-group 1 ip 10.1.1.1
# Configure VLAN-interface 100 to work in DHCP relay mode.
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] dhcp select relay
# Correlate VLAN-interface 100 with DHCP server group 1.
[Switch-Vlan-interface100] dhcp relay server-select 1
[Switch-Vlan-interface100] quit
0001-0203-0406 86335
Figure
107, the switch connects the host and the DHCP server through interfaces
1
GigabitEthernet1/0/1
299
Advertisement
Table of Contents
Troubleshooting
