3-12
Figure 3-7
Network diagram for IP filtering configuration
Switch
DHCP Snooping
GE1/0/2
Client C
GE1/0/1
DHCP Server
Client B
Host A
IP:1.1.1.1
MAC:0001-0001-0001
GE1/0/3
GE1/0/4
Configuration procedure
# Enable DHCP snooping on Switch.
<Switch> system-view
[Switch] dhcp-snooping
# Specify GigabitEthernet 1/0/1 as the trusted port.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] dhcp-snooping trust
[Switch-GigabitEthernet1/0/1] quit
# Enable IP filtering on GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 to filter
packets based on the source IP addresses/MAC addresses.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] ip check source ip-address mac-address
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface gigabitethernet 1/0/3
[Switch-GigabitEthernet1/0/3] ip check source ip-address mac-address
[Switch-GigabitEthernet1/0/3] quit
[Switch] interface gigabitethernet 1/0/4
[Switch-GigabitEthernet1/0/4] ip check source ip-address mac-address
[Switch-GigabitEthernet1/0/4] quit
# Create static binding entries on GigabitEthernet 1/0/2 of Switch.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] ip source static binding ip-address 1.1.1.1 mac-address
0001-0001-0001