Ip Filtering Configuration Example - H3C S3100-52P Operation Manual
Hide thumbs
Also See for S3100-52P:
- Operation manual (62 pages) ,
- Command manual (55 pages) ,
- Installation manual (54 pages)
Table of Contents
Advertisement
Operation Manual – DHCP
H3C S3100-52P Ethernet Switch
2.3.2 IP Filtering Configuration Example
I. Network requirements
As shown in
DHCP server and Ethernet 1/0/2 is connected to Host A. The IP address and MAC
address of Host A are 1.1.1.1 and 0001-0001-0001 respectively. Ethernet 1/0/3 and
Ethernet 1/0/4 are connected to DHCP Client B and Client C.
Enable DHCP snooping on the switch, and specify Ethernet 1/0/1 as the DHCP
snooping trusted port.
Enable IP filtering on Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 to prevent
attacks to the server from clients using fake source IP addresses.
Create static binding entries on the switch, so that Host A using a fixed IP address
can access external networks.
II. Network diagram
Figure 2-7 Network diagram for IP filtering configuration
III. Configuration procedure
# Enable DHCP snooping on the switch.
<Switch> system-view
[Switch] dhcp-snooping
# Specify Ethernet 1/0/1 as the trusted port.
[Switch] interface Ethernet1/0/1
[Switch-Ethernet1/0/1] dhcp-snooping trust
[Switch-Ethernet1/0/1] quit
# Enable IP filtering on Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 to filter
Figure
2-7, Ethernet 1/0/1 of the S3100-52P switch is connected to the
2-14
Chapter 2 DHCP Snooping Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
