Comprehensive and Detailed 200 to 250 words of Explanation From HCIP Datacom Campus Network documents knowledge without any URL or Links:
To prevent users from accessing the network using statically configured IP addresses, Huawei campus networks rely on a combination ofDHCP SnoopingandIP Source Guard (IPSG). DHCP Snooping works by monitoring DHCP message exchanges and building atrusted binding tablethat records legitimate IP–MAC–VLAN–interface mappings learned dynamically from a legal DHCP server. This binding table becomes the foundation for several Layer 2 security mechanisms.
IP Source Guard uses the DHCP Snooping binding table to strictly control traffic entering an interface. When IPSG is enabled, the switch permits only packets whose source IP address and MAC address match an entry in the DHCP Snooping binding table. If a user manually configures a static IP address, no valid DHCP binding exists for that host, so IPSG drops the traffic and denies network access. This directly prevents statically configured IP addresses from being used to access the network.
Dynamic ARP Inspection (DAI) focuses on preventing ARP spoofing and man-in-the-middle attacks, not static IP misuse. Port Security limits MAC addresses per interface but does not verify IP address legitimacy. Therefore, neither DAI nor Port Security alone can prevent users from assigning static IP addresses.
According to HCIP Datacom Campus Network security design principles,only the combination of DHCP Snooping and IPSGeffectively enforces IP address legitimacy and blocks statically configured IP access, making optionCthe correct answer.
