In the networking settings of the DHCP server, we sometimes involve DHCP Relay content. Next, we will explain how to use DHCP Relay to bind IP addresses and MAC addresses. I hope it will be helpful to you.
Functional requirements and networking description
Use DHCP Relay to bind IP addresses and MAC addresses
"Configure Environment Parameters 』
1. the IP address of PC1 is 10.1.1.2/24, and the MAC address is 000f-1fb8-fcb8.
2. the Ethernet port 0/1 connecting PC1 to the vswitch belongs to VLAN10.
3. The Gateway is on the layer-3 Switch SwitchA and the address is 10.1.1.1/24.
"Networking requirements 』
Bind the IP address + MAC + Port of PC1 on the vswitch so that only the PC PC1 can access the Internet at Port 0/1 of the vswitch.
2 Data configuration steps
"Configuring Address binding using DHCP Relay 』
When the PC performs DHCP to obtain the IP address, the switch used as the DHCP Relay records the MAC address of the PC and the IP address assigned to the PC by the DHCP Server, create a dynamic DHCP Relay Security table. Therefore, you can use the DHCP Relay Security Command on the vswitch to manually add the IP address and MAC address table items of the PC, and enable the DHCP Relay Security features of the vswitch, to bind static addresses.
SwitchA configurations]
1. Create and enter) VLAN10
- [SwitchA]vlan 10
2. Add E0/1 to VLAN10
- [SwitchA-vlan10]port Ethernet 0/1
3. Create and enter) VLAN Interface 10
- [SwitchA]interface Vlan-interface 10
4. Configure IP addresses for VLAN 10
- [SwitchA-Vlan-interface10]ip address 10.1.1.1 255.255.255.0
5. configure a hypothetical DHCP server address for VLAN 10
- [SwitchA-Vlan-interface10]ip relay address 1.1.1.1
6. Security Features of DHCP Relay enabling VLAN Interface 10 for user address legality check
- [SwitchA-Vlan-interface10]dhcp relay security address-check enable
7. Configure the security address table for DHCP Relay
- [SwitchA]dhcp relay security 10.1.1.2 000f-1fb8-fcb8 static
Additional description]
After the preceding configuration, the IP address of PC1 can be statically bound to the MAC address.
If you want to complete access to PC1 with the IP address 10.1.1.2 and MAC address 000f-1fb8-fcb8 under port 0/1 of the vswitch, the PCs using other IP addresses or MAC addresses cannot access the Internet through port 0/1, manually bind the MAC address of PC1 to port 0/1, and configure the maximum number of MAC addresses on port 0/1 as 0:
- [SwitchA]mac-address static 000f-1fb8-fcb8 interface Ethernet 0/1 vlan 10
- [SwitchA]interface Ethernet 0/1
- [SwitchA-Ethernet0/1]mac-address max-mac-count 0
If you want to allow only PC1 to access the Internet through port 0/1, You need to bind other ports on the switch to the MAC address of other PCs respectively.
The specific device models that support the above features include S3526/F, S3528P/G, and S3552P/G/F.