Example: Configuring basic DHCP snooping features globally
Network configuration
As shown in Figure 31, Switch B is connected to the authorized DHCP server through GigabitEthernet 1/0/1, to the unauthorized DHCP server through GigabitEthernet 1/0/3, and to the DHCP client through GigabitEthernet 1/0/2.
Configure only the port connected to the authorized DHCP server to forward the responses from the DHCP server. Enable the DHCP snooping device to record clients' IP-to-MAC bindings by reading DHCP-ACK messages received from the trusted port and the DHCP-REQUEST messages.
Figure 31: Network diagram
Procedure
# Enable DHCP snooping globally.
<SwitchB> system-view [SwitchB] dhcp snooping enable
# Configure GigabitEthernet 1/0/1 as a trusted port.
[SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp snooping trust [SwitchB-GigabitEthernet1/0/1] quit
# Enable recording clients' IP-to-MAC bindings on GigabitEthernet 1/0/2.
[SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dhcp snooping binding record [SwitchB-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify that the DHCP client can obtain an IP address and other configuration parameters only from the authorized DHCP server. (Details not shown.)
# Display the DHCP snooping entry recorded for the client.
[SwitchB] display dhcp snooping binding