Dynamic IPv4SG using DHCP snooping configuration example
Network requirements
As shown in Figure 129, the host (the DHCP client) obtains an IP address from the DHCP server. Perform the following tasks:
Enable DHCP snooping on the device to make sure the DHCP client obtains an IP address from the authorized DHCP server. To generate a DHCP snooping entry for the DHCP client, enable recording of client information in DHCP snooping entries.
Enable dynamic IPv4SG on GigabitEthernet 1/0/1 to filter incoming packets by using the IPv4SG bindings generated based on DHCP snooping entries. Only packets from the DHCP client are allowed to pass.
Figure 128: Network diagram
Configuration procedure
Configure DHCP snooping:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP snooping.
<Device> system-view [Device] dhcp snooping enable
# Configure GigabitEthernet 1/0/2 as a trusted interface.
[Device] interface gigabitethernet 1/0/2 [Device-GigabitEthernet1/0/2] dhcp snooping trust [Device-GigabitEthernet1/0/2] quit
Configure IPv4SG on GigabitEthernet 1/0/1:
# Enable IPv4SG on GigabitEthernet 1/0/1 and verify the source IP address and MAC address for dynamic IPSG.
[Device] interface gigabitethernet 1/0/1 [Device-GigabitEthernet1/0/1] ip verify source ip-address mac-address
# Enable recording of client information in DHCP snooping entries on GigabitEthernet 1/0/1.
[Device-GigabitEthernet1/0/1] dhcp snooping binding record [Device-GigabitEthernet1/0/1] quit
Verifying the configuration
# Verify that a dynamic IPv4SG binding is generated based on a DHCP snooping entry.
[Device] display ip source binding dhcp-snooping Total entries found: 1 IP Address MAC Address Interface VLAN Type 192.168.0.1 0001-0203-0406 GE1/0/1 1 DHCP snooping