Example: Configuring DHCP snooping-based dynamic IPv4SG

Network configuration

As shown in Figure 152, the host (the DHCP client) obtains an IP address from the DHCP server. Perform the following tasks:

Figure 152: Network diagram

Procedure

  1. Configure the DHCP server.

    For information about DHCP server configuration, see Layer 3—IP Services Configuration Guide.

  2. Configure the device:

    # Configure IP addresses for the interfaces. (Details not shown.)

    # Enable DHCP snooping.

    <Device> system-view
    [Device] dhcp snooping enable
    

    # Configure HundredGigE 1/0/2 as a trusted interface.

    [Device] interface hundredgige 1/0/2
    [Device-HundredGigE1/0/2] dhcp snooping trust
    [Device-HundredGigE1/0/2] quit
    

    # Enable IPv4SG on HundredGigE 1/0/1 and verify the source IP address and MAC address for dynamic IPSG.

    [Device] interface hundredgige 1/0/1
    [Device-HundredGigE1/0/1] ip verify source ip-address mac-address
    

    # Enable recording of client information in DHCP snooping entries on HundredGigE 1/0/1.

    [Device-HundredGigE1/0/1] dhcp snooping binding record
    [Device-HundredGigE1/0/1] quit
    

Verifying the configuration

# Display dynamic IPSGv4 bindings generated based on DHCP snooping entries.

[Device] display ip source binding dhcp-snooping
Total entries found: 1
IP Address      MAC Address    Interface                VLAN Type
192.168.0.1     0001-0203-0406 HGE1/0/1                 1    DHCP snooping

HundredGigE 1/0/1 will filter packets based on the IPSGv4 binding.