Example: Configuring basic DHCP snooping features globally
Network configuration
As shown in Figure 33, Switch B is connected to the authorized DHCP server through Ten-GigabitEthernet 1/0/1, to the unauthorized DHCP server through Ten-GigabitEthernet 1/0/3, and to the DHCP client through Ten-GigabitEthernet 1/0/2.
Configure Switch B so that only the port connected to the authorized DHCP server forwards responses from a DHCP server. Enable the DHCP snooping device to record clients' IP-to-MAC bindings by reading the DHCP-ACK messages received on the trusted port and the DHCP-REQUEST messages.
Figure 33: Network diagram
Procedure
IMPORTANT: By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface.
# Enable DHCP snooping globally.
<SwitchB> system-view
[SwitchB] dhcp snooping enable
# Configure Ten-GigabitEthernet 1/0/1 as a trusted port.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] dhcp snooping trust
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# Enable recording clients' IP-to-MAC bindings on Ten-GigabitEthernet 1/0/2.
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] dhcp snooping binding record
[SwitchB-Ten-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify that the DHCP client can obtain an IP address and other configuration parameters only from the authorized DHCP server. (Details not shown.)
# Display the DHCP snooping entry recorded for the client.
[SwitchB] display dhcp snooping binding
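The following added example (not part of the original page and not the switch's own code) is a simplified Python model of the decisions this configuration produces on Switch B: server responses are dropped on untrusted ports, and a binding is recorded only when a DHCP-ACK arrives on the trusted port for a client whose DHCP-REQUEST was seen on a recording port. The class name `Snooper`, the MAC address, and the IP addresses are constructed for illustration.

```python
# Simplified model of DHCP snooping on Switch B; not switch firmware.
from dataclasses import dataclass, field

SERVER_PORT = "Ten-GigabitEthernet1/0/1"   # authorized DHCP server (trusted)
CLIENT_PORT = "Ten-GigabitEthernet1/0/2"   # DHCP client (binding record enabled)
ROGUE_PORT = "Ten-GigabitEthernet1/0/3"    # unauthorized DHCP server (untrusted)
SERVER_TYPES = {"OFFER", "ACK", "NAK"}     # messages only a DHCP server sends

@dataclass
class Snooper:  # hypothetical name, for illustration only
    trusted: set        # ports allowed to deliver server responses
    record_ports: set   # ports with binding recording enabled
    pending: dict = field(default_factory=dict)   # client MAC -> port of its REQUEST
    bindings: dict = field(default_factory=dict)  # client MAC -> (IP, port)

    def handle(self, port, msg_type, client_mac, yiaddr=None):
        """Return 'forward' or 'drop' for one DHCP message arriving on port."""
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:
                return "drop"   # server response on an untrusted port
            if msg_type == "ACK" and client_mac in self.pending:
                # REQUEST seen earlier + ACK on trusted port -> record binding
                self.bindings[client_mac] = (yiaddr, self.pending.pop(client_mac))
            elif msg_type == "NAK":
                self.pending.pop(client_mac, None)
            return "forward"
        if msg_type == "REQUEST" and port in self.record_ports:
            self.pending[client_mac] = port   # remember the client's port
        return "forward"

def run_example():
    sw = Snooper(trusted={SERVER_PORT}, record_ports={CLIENT_PORT})
    mac = "00-11-22-33-44-55"   # constructed client MAC
    trace = [   # constructed sequence: (ingress port, type, client MAC, offered IP)
        (CLIENT_PORT, "DISCOVER", mac, None),
        (ROGUE_PORT, "OFFER", mac, "192.168.66.10"),
        (SERVER_PORT, "OFFER", mac, "10.1.1.10"),
        (CLIENT_PORT, "REQUEST", mac, None),
        (ROGUE_PORT, "ACK", mac, "192.168.66.10"),
        (SERVER_PORT, "ACK", mac, "10.1.1.10"),
    ]
    verdicts = [sw.handle(*m) for m in trace]
    return verdicts, sw.bindings

if __name__ == "__main__":
    print(run_example())
```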