DES-7200 Configuration Guide Chapter 11 IP Source Guard Configuration
DHCP deployment environment
11.4.2 Application Requirements
Users can access the network only with an IP address dynamically allocated by a
valid DHCP server or statically allocated by the administrator. IP packets whose
source IP address is not in the switch's hardware filtering list are blocked to
ensure network security.
11.4.3 Configuration Tips
Configure IP Source Guard and DHCP Snooping on the access device (Switch A) to
meet these requirements:
1. Configure the uplink port (GigabitEthernet 0/1) as a trusted port to prevent
DHCP server spoofing.
2. Enable IP Source Guard on the PC-connecting ports (GigabitEthernet 0/2 and
GigabitEthernet 0/3).
3. A user whose IP address is assigned by the administrator can be configured
through an IP Source Guard static binding (IP address: 192.168.216.4; MAC
address: 0000.0000.0001).
11.4.4 Configuration Steps
Configure Switch A
Step 1: Enable DHCP Snooping.
DES-7200#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DES-7200(config)#ip dhcp snooping
Step 2: Configure the uplink port as the trusted port of DHCP Snooping.
DES-7200(config)#interface gigabitEthernet 0/1
DES-7200(config-if-GigabitEthernet 0/1)#ip dhcp snooping trust
DES-7200(config-if-GigabitEthernet 0/1)#exit
Step 3: Enable IP Source Guard on the ports directly connected to PCs.
DES-7200(config)#interface range gigabitEthernet 0/2-3
DES-7200(config-if-range)#ip verify source port-security
DES-7200(config-if-range)#exit
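
A configuration check for the steps above, as an added example that is not part of the original guide: it parses a saved switch configuration and reports ports that deviate from the design in 11.4.3. The running-config layout of the constructed sample and the function names parse_config and audit are assumptions.

```python
# Constructed sample; the exact DES-7200 running-config layout is an assumption.
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface GigabitEthernet 0/1
 ip dhcp snooping trust
!
interface GigabitEthernet 0/2
 ip verify source port-security
!
interface GigabitEthernet 0/3
!
"""

def parse_config(config):
    """Split a config into global commands and per-interface sub-commands."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        cmd = " ".join(raw.split()).lower()   # normalise case and spacing
        if cmd in ("", "!"):                  # separator closes the block
            current = None
            continue
        if not raw[0].isspace() and cmd.startswith("interface "):
            current = cmd[len("interface "):]
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(cmd)   # indented line: sub-command
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, interfaces

def audit(config, uplinks, access_ports):
    """Return a list of deviations from the DHCP Snooping / IP Source Guard design."""
    global_cmds, interfaces = parse_config(config)
    findings = []
    if "ip dhcp snooping" not in global_cmds:
        findings.append("DHCP Snooping is not enabled globally")
    for port in uplinks:
        if "ip dhcp snooping trust" not in interfaces.get(port, []):
            findings.append(f"{port}: uplink is not a trusted port")
    for port in access_ports:
        cmds = interfaces.get(port, [])
        if "ip dhcp snooping trust" in cmds:
            findings.append(f"{port}: PC-facing port is trusted")
        if not any(c.startswith("ip verify source") for c in cmds):
            findings.append(f"{port}: IP Source Guard is not enabled")
    return findings
```

Port names are passed in lowercase, for example audit(SAMPLE_CONFIG, ["gigabitethernet 0/1"], ["gigabitethernet 0/2", "gigabitethernet 0/3"]); on the constructed sample this reports GigabitEthernet 0/3 as missing IP Source Guard.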