Download Print this page

HP 6125XLG Configuration Manual: Dynamic Ipv4 Source Guard Using Dhcp Snooping Configuration Example

R2306-hp 6125xlg blade switch security configuration guide.
Hide thumbs

Advertisement

# On Ten-GigabitEthernet 1/1/6, configure a static IPv4 source guard binding entry to allow only
IP packets with the source MAC address of 0001-0203-0406 and the source IP address of
192.168.0.1 to pass.
[SwitchB-Ten-GigabitEthernet1/1/6] ip source binding ip-address 192.168.0.1
mac-address 0001-0203-0406
[SwitchB-Ten-GigabitEthernet1/1/6] quit
# Enable IPv4 source guard on port Ten-GigabitEthernet 1/1/5.
[SwitchB] interface ten-gigabitEthernet 1/1/5
[SwitchB-Ten-GigabitEthernet1/1/5] ip verify source ip-address mac-address
# On Ten-GigabitEthernet 1/1/5, configure a static IPv4 source guard binding entry to allow only
IP packets with the source MAC address of 0001-0203-0407 and the source IP address of
192.168.0.2 to pass.
[SwitchB-Ten-GigabitEthernet1/1/5] ip source binding ip-address 192.168.0.2
mac-address 0001-0203-0407
[SwitchB-Ten-GigabitEthernet1/1/5] quit
3.
Verify the configuration:
# Display static IPv4 source guard binding entries on Switch A. The output shows that the static
IPv4 source guard binding entries are configured successfully.
<SwitchA> display ip source binding static
Total entries found: 2
IP Address
192.168.0.1
192.168.0.3
# Display static IPv4 source guard binding entries on Switch B. The output shows that the static IPv4
source guard binding entries are configured successfully.
<SwitchB> display ip source binding static
Total entries found: 2
IP Address
192.168.0.1
192.168.0.2
Dynamic IPv4 source guard using DHCP snooping
configuration example
Network requirements
As shown in
Enable DHCP snooping on the switch, so that the host can obtain an IPv4 address from the valid DHCP
server and the IPv4 address and the MAC address of the host can be recorded in a DHCP snooping
entry.
Enable dynamic IPv4 source guard on port Ten-GigabitEthernet 1/1/5 to filter received packets based
on DHCP snooping entries, allowing only packets from a client that obtains an IP address from the DHCP
server to pass.
MAC Address
0001-0203-0405 XGE1/1/6
0001-0203-0406 XGE1/1/5
MAC Address
0001-0203-0406 XGE1/1/6
0001-0203-0407 XGE1/1/5
Figure
58, the host (the DHCP client) obtains an IP address from the DHCP server.
Interface
Interface
167
VLAN Type
N/A
Static
N/A
Static
VLAN Type
N/A
Static
N/A
Static

Advertisement

Troubleshooting

   Related Manuals for HP 6125XLG

Comments to this Manuals

Symbols: 0
Latest comments: