Intranet users can only obtain IP addresses through DHCP for Internet access on S series switches

Intranet users can only obtain IP addresses through DHCP for Internet access on S series switches excluding the S1700. The configuration procedure is as follows:
1. Configure a switch as the DHCP server.
For details
2. Configure DHCP snooping.
See the following DHCP snooping configuration.
[HUAWEI] dhcp snooping enable
[HUAWEI] interface GigabitEthernet2/0/0 //Enable the Layer 3 interface that is automatically assigned an IP address.
[HUAWEI-GigabitEthernet2/0/0] dhcp snooping trusted //Configure the interface as the trusted interface.
[HUAWEI-GigabitEthernet2/0/0] dhcp snooping enable //Enable DHCP snooping.
[HUAWEI-GigabitEthernet2/0/0] ip source check user-bind enable //To prevent IP packets of unauthorized users from entering the external network through the switch, you can enable the IP packet check function on an interface or in a VLAN. After the IP packet check function is enabled, only the IP packets matching entries in the binding table are forwarded. After DHCP snooping is enabled, a dynamic binding table is generated.
[HUAWEI-GigabitEthernet2/0/0] arp anti-attack check user-bind enable //After ARP packet check is enabled, the switch checks all the ARP packets passing through an interface or a VLAN against the binding table. Only the ARP packets matching the binding table are forwarded.
[HUAWEI-GigabitEthernet2/0/0] quit
[HUAWEI] user-bind static ip-address 10.0.0.1 mac-address 0001-0001-0001 //If users want to configure static IP addresses for Internet access, a static binding table must be configured.

Scroll to top