
IPSG Does Not Take Effect When Dynamic IP Address Allocation Is Used Because DHCP Snooping Is Not Configured

Fault Description

Hosts can obtain IP addresses from the DHCP server, and the IPSG function is enabled; however, IPSG does not take effect.

Procedure

  1. Check whether the DHCP snooping binding table exists.

    When hosts obtain IP addresses through DHCP, IPSG checks packets received by interfaces based on the DHCP snooping dynamic binding table. The device automatically generates DHCP snooping binding entries for online hosts only after the DHCP snooping function is enabled.

    Run the display dhcp snooping user-bind { { interface interface-type interface-number | ip-address ip-address | mac-address mac-address | vlan vlan-id }* | all } command to view DHCP snooping binding entries.

    If no dynamic binding entry exists, configure DHCP snooping. For details, see Configuring IPSG Based on a Dynamic Binding Table. The main configuration steps are as follows:

    1. Enable DHCP snooping globally.
    2. Enable DHCP snooping on an interface or in a VLAN.
    3. Configure the trusted interface.

    After DHCP snooping is configured, the device generates DHCP snooping entries for the hosts when the hosts go online again. IPSG will then take effect. If you enable IPSG before the device generates DHCP snooping dynamic binding entries, the device denies all IP packets except DHCP Request packets. In this situation, communication services on the hosts are affected. Therefore, before enabling the IPSG function, configure the DHCP snooping function to enable the device to generate dynamic binding entries.
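The order described above, written out as a command sequence. This is an added example, not part of the original procedure: VLAN 10, the uplink GigabitEthernet 0/0/1 and the host port GigabitEthernet 0/0/2 are assumptions, and the lines starting with # are annotations rather than commands to type.

```text
# Constructed example: VLAN 10 and both interface numbers are assumptions.
system-view

# 1. Enable DHCP globally, then enable DHCP snooping globally.
dhcp enable
dhcp snooping enable

# 2. Enable DHCP snooping in the VLAN that carries the hosts.
vlan 10
 dhcp snooping enable
 quit

# 3. Mark only the interface facing the DHCP server as trusted.
interface gigabitethernet 0/0/1
 dhcp snooping trusted
 quit

# 4. After the hosts go online again, confirm that dynamic entries exist.
display dhcp snooping user-bind all

# 5. Only once entries are present, enable IPSG on the host-facing interface.
interface gigabitethernet 0/0/2
 ip source check user-bind enable
 quit
```

If step 4 shows no dynamic entries, stop before step 5: with IPSG enabled and an empty binding table, the hosts on that interface can send only DHCP Request packets.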

Copyright © Huawei Technologies Co., Ltd.