Dynamic Ipv4Sg Using Dhcp Snooping Configuration Example - HP FlexNetwork 10500 Series Security Configuration Manual

[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] ip verify source ip-address mac-address
[DeviceB-GigabitEthernet1/0/2] quit
# Configure a static IPv4SG binding for Host A.
[DeviceB] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406
# Enable IPv4SG on GigabitEthernet 1/0/1.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] ip verify source ip-address mac-address
# On GigabitEthernet 1/0/1, configure a static IPv4SG binding for Host B.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] ip source binding mac-address 0001-0203-0407
[DeviceB-GigabitEthernet1/0/1] quit
Verifying the configuration
# Verify that the static IPv4SG bindings are configured successfully on Device A.
<DeviceA> display ip source binding static
Total entries found: 2
IP Address
192.168.0.1
192.168.0.3
# Verify that the static IPv4SG bindings are configured successfully on Device B.
<DeviceB> display ip source binding static
Total entries found: 2
IP Address
192.168.0.1
N/A
Dynamic IPv4SG using DHCP snooping configuration
example
Network requirements
As shown in
Perform the following tasks:
•
Enable DHCP snooping on the device to make sure the DHCP client obtains an IP address from
the authorized DHCP server. To generate a DHCP snooping entry for the DHCP client, enable
recording of client information in DHCP snooping entries.
•
Enable dynamic IPv4SG on GigabitEthernet 1/0/1 to filter incoming packets by using the
IPv4SG bindings generated based on DHCP snooping entries. Only packets from the DHCP
client are allowed to pass.
Figure 120 Network diagram
MAC Address
0001-0203-0405 GE1/0/2
0001-0203-0406 GE1/0/1
MAC Address
0001-0203-0406 N/A
0001-0203-0407 GE1/0/1
Figure 120, the host (the DHCP client) obtains an IP address from the DHCP server.
Interface
Interface
424
VLAN Type
N/A Static
N/A Static
VLAN Type
N/A Static
N/A Static