Figure 58 Network diagram
Configuration procedure
1.
Configure the DHCP server.
For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide.
2.
Configure DHCP snooping on the switch:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
<Switch> system-view
[Switch] dhcp snooping enable
# Configure Ten-GigabitEthernet 1/1/6 as a trusted port.
[Switch] interface ten-gigabitEthernet1/1/6
[Switch-Ten-GigabitEthernet1/1/6] dhcp snooping trust
[Switch-Ten-GigabitEthernet1/1/6] quit
3.
Configure IPv4 source guard on the switch:
# Enable IPv4 source guard on Ten-GigabitEthernet 1/1/5 to filter packets based on both the
source IP address and the MAC address.
[Switch] interface ten-gigabitEthernet 1/1/5
[Switch-Ten-GigabitEthernet1/1/5] ip verify source ip-address mac-address
# Enable recording of client information in DHCP snooping entries on Ten-GigabitEthernet 1/1/5.
[Switch-Ten-GigabitEthernet1/1/5] dhcp snooping binding record
[Switch-Ten-GigabitEthernet1/1/5] quit
Verifying the configuration
# Display dynamic IPv4 source guard binding entries obtained from DHCP snooping.
[Switch] display ip source binding dhcp-snooping
Total entries found: 1
IP Address
192.168.0.1
The output shows that IP source guard has generated a dynamic IPv4 binding entry on
Ten-GigabitEthernet 1/1/5 based on the DHCP snooping entry.
MAC Address
Interface
0001-0203-0406 XGE1/1/5
168
VLAN Type
1
DHCP snooping