R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
522
Figure 253 Network diagram
Configuration procedure
1. Configure VLAN 10, add ports to VLAN 10, and configure the IP address of the VLAN-interface.
(Details not shown.)
2. Configure the DHCP server on Router A:
<RouterA> system-view
[RouterA] dhcp enable
[RouterA] dhcp server ip-pool 0
[RouterA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
3. Configure the DHCP client on Hosts A and Host B. (Details not shown.)
4. Configure Router B:
# Enable DHCP snooping, and configure GigabitEthernet 3/0/3 as a DHCP-trusted port.
<RouterB> system-view
[RouterB] dhcp-snooping
[RouterB] interface gigabitethernet 3/0/3
[RouterB-GigabitEthernet3/0/3] dhcp-snooping trust
[RouterB-GigabitEthernet3/0/3] quit
# Enable ARP detection.
[RouterB] vlan 10
[RouterB-vlan10] arp detection enable
# Configure GigabitEthernet 3/0/3 as an ARP-trusted port.
[RouterB-vlan10] interface gigabitethernet 3/0/3
[RouterB-GigabitEthernet3/0/3] arp detection trust
[RouterB-GigabitEthernet3/0/3] quit
# Configure a static IP source guard entry on interface GigabitEthernet 3/0/2.
[RouterB] interface gigabitethernet 3/0/2
[RouterB-GigabitEthernet3/0/2] ip source binding ip-address 10.1.1.6 mac-address
0001-0203-0607 vlan 10
[RouterB-GigabitEthernet3/0/2] ip verify source ip-address mac-address
[RouterB-GigabitEthernet3/0/2] quit