3com WX3000 Manuel D’Utilisation

 

3-11 

# Enable DHCP snooping on Switch.  

<Switch> system-view 

[Switch] dhcp-snooping 

# Specify GigabitEthernet 1/0/5 as the trusted port. 

[Switch] interface gigabitethernet 1/0/5 

[Switch-GigabitEthernet1/0/5] dhcp-snooping trust 

[Switch-GigabitEthernet1/0/5] quit 

# Enable DHCP-snooping Option 82 support.  

[Switch] dhcp-snooping information enable 

# Set the remote ID sub-option in Option 82 to the system name (sysname) of the DHCP snooping 

device. 

[Switch] dhcp-snooping information remote-id sysname 

# Set the circuit ID sub-option in DHCP packets from VLAN 1 to “abcd” on GigabitEthernet 1/0/3. 

[Switch] interface gigabitethernet 1/0/3 

[Switch-GigabitEthernet1/0/3] dhcp-snooping information vlan 1 circuit-id string abcd 

As shown in 

, GigabitEthernet 1/0/1 of Switch is connected to DHCP server and 

GigabitEthernet 1/0/2 is connected to Host A. The IP address and MAC address of Host A are 1.1.1.1 

and 0001-0001-0001 respectively. GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 is connected to 

DHCP Client B and Client C. 

z 

Enable DHCP snooping on Switch, and specify GigabitEthernet 1/0/1 as the DHCP snooping 

trusted port to prevent attacks from unauthorized DHCP servers. 

z 

Enable IP filtering on GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 to 

prevent attacks to the server from clients using fake source IP addresses.  

z 

Create static binding entries on Switch, so that Host A using a fixed IP address can access the 

external network.