Table of Contents
Advertisement
Operation Manual – IP Source Guard
H3C S3610&S5510 Series Ethernet Switches
1.5.2 Port Filtering Configuration Example
I. Network requirements
Switch A connects to Client A and the DHCP Server through Ethernet 1/0/1 and
Ethernet 1/0/2 respectively. DHCP Snooping is enabled on Switch A.
Detailed requirements are as follows:
Client A with the MAC address of 00-01-02-03-04-06 obtains an IP address
through the DHCP Server.
On Switch A, create the DHCP Snooping entry of Client A.
Enable IP filtering on port Ethernet 1/0/1 of Switch A to prevent attacks from clients
using fake source IP addresses to the DHCP server.
Note:
For detailed configuration of DHCP Server, refer to DHCP Configuration in this manual.
II. Network diagram
Figure 1-2 Network diagram for configuring port filtering
III. Configuration procedure
1)
Configure Switch A
# Configure port filtering on port Ethernet 1/0/1.
<SwitchA> system-view
[SwitchA] interface ethernet1/0/1
[SwitchA-Ethernet1/0/1] ip check source ip-address mac-address
[SwitchA-Ethernet1/0/1] quit
# Enable DHCP snooping on Switch A.
[SwitchA] dhcp-snooping
# Configure port Ethernet 1/0/2 connected to the DHCP server as a trusted port.
[SwitchA] interface ethernet1/0/2
[SwitchA-Ethernet1/0/2] dhcp-snooping trust
[SwitchA-Ethernet1/0/2] quit
2)
Verify the configuration
Chapter 1 IP Source Guard Configuration
1-5
Advertisement
Chapters
Table of Contents
Troubleshooting
