R3303-HP HSR6800 Routers Security Configuration Guide
31
Figure 136 Network diagram
Configuration procedure
1. Configure the DHCP relay agent:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable DHCP relay.
<Router> system-view
[Router] dhcp enable
# Configure the IP address of the DHCP server.
[Router] dhcp relay server-group 1 ip 10.1.1.1
# Configure GigabitEthernet 3/0/1 to operate in DHCP relay mode.
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] dhcp select relay
# Correlate GigabitEthernet 3/0/1 with DHCP server group 1.
[Router-GigabitEthernet3/0/1] dhcp relay server-select 1
[Router-GigabitEthernet3/0/1] quit
2. Enable IPv4 source guard on GigabitEthernet 3/0/1 to filter packets based on both the source IP
address and MAC address.
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] ip verify source ip-address mac-address
[Router-GigabitEthernet3/0/1] quit
Verifying the configuration
# Display the generated IPv4 source guard entries.
[Router] display ip source binding
Total entries found: 1
MAC Address IP Address VLAN Interface Type
0001-0203-0406 192.168.0.1 N/A GE3/0/1 DHCP-RLY
Troubleshooting IP source guard
Symptom
Failed to configure static IP source guard or dynamic IP source guard on a port.
Analysis
IP source guard is not supported on a port in an aggregation group.
Solution
Remove the port from the aggregation group.
Host
MAC: 0001-0203-0406
Router
DHCP server
GE3/0/1
GE3/0/2
DHCP relay agent
10.1.1.1/24
DHCP client