Dynamic Ipv4 Source Guard Using Dhcp Relay Configuration Example - HP 3600 v2 Series Configuration Manual

[Device] dhcp-snooping
# Configure Ethernet 1/0/2 as a trusted port.
[Device] interface ethernet1/0/2
[Device-Ethernet1/0/2] dhcp-snooping trust
[Device-Ethernet1/0/2] quit
2. Configure the IPv4 source guard feature.
# Configure the IPv4 source guard feature on Ethernet 1/0/1 to filter packets based on both the
source IP address and MAC address.
[Device] interface ethernet1/0/1
[Device-Ethernet1/0/1] ip verify source ip-address mac-address
[Device-Ethernet1/0/1] quit
Verifying the configuration
# Display the IPv4 source guard binding entries generated on Ethernet 1/0/1.
[Device] display ip source binding
Total entries found: 1
MAC Address
0001-0203-0406
# Display DHCP snooping entries.
[Device] display dhcp-snooping
DHCP snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static , R--Recovering
Type IP Address
==== =============== ============== ============ ==== ===== =================
D 192.168.0.1
--- 1 dhcp-snooping item(s) found
The output shows that a dynamic IPv4 source guard binding entry has been generated based on the
DHCP snooping entry.
Dynamic IPv4 source guard using DHCP relay configuration
example
Network requirements
As shown in
0001-0203-0406) obtains an IP address from the DHCP server through the DHCP relay agent.
Enable the IPv4 source guard feature on the switch's VLAN-interface 100 to filter packets based on the
DHCP relay entry, allowing only packets from clients that obtain IP addresses from the DHCP server to
pass.
IP Address
192.168.0.1
MAC Address
0001-0203-0406 86335
Figure 1 1 1, DHCP relay is enabled on the switch. The host (with the MAC address of
VLAN Interface
1 Eth1/0/1
Lease VLAN SVLAN Interface
1
---
365
Type
DHCP-SNP
N/A Ethernet1/0/1