On port GigabitEthernet 1/0/1 of Switch A, enable dynamic binding function to prevent attackers
from using forged IP addresses to attack the server.
For detailed configuration of a DHCP server, refer to DHCP Configuration in the IP Service Volume.
Figure 1-2 Network diagram for configuring dynamic binding function
Configure Switch A
# Configure dynamic binding function on port GigabitEthernet 1/0/1.
[SwitchA] interface gigabitethernet1/0/1
[SwitchA-GigabitEthernet1/0/1] ip check source ip-address mac-address
# Enable DHCP snooping.
# Configure the port connecting to the DHCP server as a trusted port.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] dhcp-snooping trust
Verify the configuration
# Display dynamic binding function is configured successfully on port GigabitEthernet 1/0/1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] display this
ip check source ip-address mac-address
# Display the dynamic binding entries that port GigabitEthernet 1/0/1 has obtained from DHCP
[SwitchA-GigabitEthernet1/0/1] display ip check source
Total entries found: 1
# Display the dynamic entries of DHCP snooping and check it is identical with the dynamic entries that
port GigabitEthernet 1/0/1 has obtained.
[SwitchA-GigabitEthernet1/0/1] display dhcp-snooping
DHCP Snooping is enabled.