Table of Contents
Advertisement
•
Enable DHCP snooping on the switch to make sure the DHCP client obtains an IP address from
the authorized DHCP server. To generate a DHCP snooping entry for the DHCP client, enable
recording of client information in DHCP snooping entries.
•
Enable dynamic IPv4SG on FortyGigE 1/1/1 to filter incoming packets by using the IPv4SG
bindings generated based on DHCP snooping entries. Only packets from the DHCP client are
allowed to pass.
Figure 118 Network diagram
Configuration procedure
1.
Configure the DHCP server.
For information about DHCP server configuration, see Layer 3—IP Services Configuration
Guide.
2.
Configure the switch:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
<Switch> system-view
[Switch] dhcp snooping enable
# Configure FortyGigE 1/1/2 as a trusted interface.
[Switch] interface fortygige 1/1/2
[Switch-FortyGigE1/1/2] dhcp snooping trust
[Switch-FortyGigE1/1/2] quit
# Enable IPv4SG on FortyGigE 1/1/1 and verify the source IP address and MAC address for
dynamic IPSG.
[Switch] interface fortygige 1/1/1
[Switch-FortyGigE1/1/1] ip verify source ip-address mac-address
# Enable recording of client information in DHCP snooping entries on FortyGigE 1/1/1.
[Switch-FortyGigE1/1/1] dhcp snooping binding record
[Switch-FortyGigE1/1/1] quit
Verifying the configuration
# Verify that a dynamic IPv4SG binding is generated based on a DHCP snooping entry
[Switch] display ip source binding dhcp-snooping
Total entries found: 1
IP Address
192.168.0.1
Dynamic IPv4SG using DHCP relay configuration example
Network requirements
As shown in
the DHCP server through the DHCP relay agent.
Enable dynamic IPv4SG on VLAN-interface 100 to filter received packets based on the DHCP relay
entry generated on the switch.
MAC Address
0001-0203-0406 FGE1/1/1
Figure
119, DHCP relay is enabled on the switch. The host obtains an IP address from
Interface
398
VLAN Type
1
DHCP snooping
Advertisement
Table of Contents
Troubleshooting
