Figure 3-3 Networking Diagram For Preventing The Bogus Dhcp Server Attack - Huawei Quidway S9300 Configuration Manual

3 DHCP Snooping Configuration

Figure 3-3 Networking diagram for preventing the bogus DHCP server attack

[Figure labels: ISP network, L3 network, DHCP relay, DHCP server, S9300 (GE1/0/0, GE2/0/0), L2 network, User network]

Configuration Roadmap
The configuration roadmap is as follows (assuming that the DHCP server has been configured):
1. Enable DHCP snooping globally and on the interface.
2. Configure the interface connected to the DHCP server as a trusted interface.
3. Configure the user-side interface as an untrusted interface. DHCP reply messages (Offer, ACK, and NAK) received from the untrusted interface are discarded.
4. Configure the packet discarding alarm function.

Data Preparation
To complete the configuration, you need the following data:
- GE 1/0/0 being the trusted interface and GE 2/0/0 being the untrusted interface
- Alarm threshold being 120

NOTE
This configuration example provides only the commands related to the DHCP snooping configuration.

Procedure
Step 1 Enable DHCP snooping.
# Enable DHCP snooping globally.
<Quidway> system-view
[Quidway] dhcp enable
[Quidway] dhcp snooping enable
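
The trusted/untrusted rule and discard alarm from the configuration roadmap, modelled in Python as an added example (not Huawei code and not part of the manual). The function and class names are hypothetical, the packets are constructed, and the alarm is assumed to fire once the cumulative discard count reaches the threshold of 120.

```python
MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the 236-byte BOOTP header
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values that only a server sends
TRUSTED = {"GE1/0/0"}                            # from Data Preparation; GE2/0/0 is untrusted
ALARM_THRESHOLD = 120                            # from Data Preparation

def dhcp_msg_type(payload: bytes):
    """Return the DHCP message type (option 53), or None if absent or malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                  # option code without a length byte
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if payload[i] == 53 and length == 1 and len(value) == 1:
            return value[0]
        i += 2 + length
    return None

class SnoopingModel:
    """Hypothetical model: drop server replies on untrusted ports and count them."""
    def __init__(self):
        self.discarded = 0
        self.alarm = False

    def receive(self, port: str, payload: bytes) -> bool:
        """Return True if the message is forwarded, False if it is discarded."""
        if port not in TRUSTED and dhcp_msg_type(payload) in SERVER_TYPES:
            self.discarded += 1
            # Assumption: the alarm is raised when the count reaches the threshold.
            self.alarm = self.discarded >= ALARM_THRESHOLD
            return False
        return True

def build(msg_type: int, op: int) -> bytes:
    """Constructed sample packet: BOOTP header, cookie, option 53, end option."""
    return bytes([op]) + bytes(235) + MAGIC + bytes([53, 1, msg_type, 255])
```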
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 06 (2010–01–08)
