Figure 3-7Network diagram for IP filtering configuration

GE1/0/1

GE1/0/2

DHCP Server

Switch

DHCP Snooping

GE1/0/4

GE1/0/3

Host A

Client B

Client C

IP:1.1.1.1

 

 

MAC:0001-0001-0001

 

 

Configuration procedure

# Enable DHCP snooping on Switch.

<Switch> system-view

[Switch] dhcp-snooping

# Specify GigabitEthernet 1/0/1 as the trusted port.

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] dhcp-snooping trust

[Switch-GigabitEthernet1/0/1] quit

#Enable IP filtering on GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 to filter packets based on the source IP addresses/MAC addresses.

[Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] ip check source ip-address mac-address

[Switch-GigabitEthernet1/0/2] quit [Switch] interface gigabitethernet 1/0/3

[Switch-GigabitEthernet1/0/3] ip check source ip-address mac-address

[Switch-GigabitEthernet1/0/3] quit [Switch] interface gigabitethernet 1/0/4

[Switch-GigabitEthernet1/0/4] ip check source ip-address mac-address

[Switch-GigabitEthernet1/0/4] quit

# Create static binding entries on GigabitEthernet 1/0/2 of Switch.

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] ip source static binding ip-address 1.1.1.1 mac-address 0001-0001-0001

3-12

Page 338
Image 338
3Com WX3000 7Network diagram for IP filtering configuration, # Specify GigabitEthernet 1/0/1 as the trusted port