HPE Moonshot 45Gc Security Configuration Manual page 428

Figure 126 Network diagram
Configuration procedure
1. Add all interfaces on Switch B to VLAN 10, and specify the IP address of VLAN-interface 10 on
Switch A. (Details not shown.)
2. Configure the DHCP server on Switch A, and configure DHCP address pool 0.
<SwitchA> system-view
[SwitchA] dhcp enable
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure Host A (DHCP client) and Host B. (Details not shown.)
4. Configure Switch B:
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp snooping enable
[SwitchB] interface fortygige 1/1/3
[SwitchB-FortyGigE1/1/3] dhcp snooping trust
[SwitchB-FortyGigE1/1/3] quit
# Enable recording of client information in DHCP snooping entries on FortyGigE 1/1/1.
[SwitchB] interface fortygige 1/1/1
[SwitchB-FortyGigE1/1/1] dhcp snooping binding record
[SwitchB-FortyGigE1/1/1] quit
# Enable ARP detection for VLAN 10.
[SwitchB] vlan 10
[SwitchB-vlan10] arp detection enable
# Configure the upstream interface as a trusted interface. By default, an interface is an
untrusted interface.
[SwitchB-vlan10] interface fortygige 1/1/3
[SwitchB-FortyGigE1/1/3] arp detection trust
[SwitchB-FortyGigE1/1/3] quit
# Configure a static IP source guard binding on interface FortyGigE 1/1/2 for user validity check.
[SwitchB] interface fortygige 1/1/2
415