Dynamic Ipv4 Source Guard By Dhcp Relay Configuration Example - HP 12500 Series Configuration Manual

The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Type IP Address
==== =============== ============== ============ ==== =================
D 192.168.0.1
The output shows that a dynamic IPv4 source guard entry has been generated based on the DHCP
snooping entry.
Dynamic IPv4 source guard by DHCP relay configuration
example
Network requirements
As shown in
VLAN-interface 100 and VLAN-interface 200, respectively. DHCP relay is enabled on the device. The
host (with the MAC address of 0001-0203-0406) obtains an IP address from the DHCP server through
the DHCP relay agent.
Enable the IPv4 source guard function on the device's VLAN-interface 100 to filter packets based on the
DHCP relay entries, allowing only packets from clients that obtain IP addresses from the DHCP server to
pass.
For more information about DHCP relay configuration, see Layer 3—IP Services Configuration Guide.
Figure 89 Network diagram
Configuration procedure
Configure the IPv4 source guard function:
1.
# Configure IP addresses for the interfaces. (Details not shown.)
# Configure the IPv4 source guard function on VLAN-interface 100 to filter packets based on both
the source IP address and MAC address.
<Device> system-view
[Device] vlan 100
[Device-Vlan100] quit
[Device] interface vlan-interface 100
[Device-Vlan-interface100] ip verify source ip-address mac-address
[Device-Vlan-interface100] quit
Configure the DHCP relay agent:
2.
# Enable DHCP relay.
[Device] dhcp enable
# Specify the IP address of the DHCP server.
[Device] dhcp relay server-group 1 ip 10.1.1.1
# Configure VLAN-interface 100 to operate in DHCP relay mode.
MAC Address
0001-0203-0406 86335
Figure 89, the host and the DHCP server are connected to the device through interfaces
Lease VLAN Interface
1
260
GigabitEthernet3/0/1