Example For Preventing The Attacker From Sending Bogus Dhcp Messages For Extending Ip Address Leases - Huawei Quidway S9300 Configuration Manual
Terabit routing switch
Hide thumbs
Also See for Quidway S9300:
- Configuration manual - network management (630 pages) ,
- Configuration manual (603 pages) ,
- Configuration manual - multicast (262 pages)
Table of Contents
Advertisement
3 DHCP Snooping Configuration
dhcp packet drop count total : 25
<Quidway> display dhcp snooping interface gigabitethernet 2/0/0
dhcp snooping enable
dhcp snooping check mac-address
dhcp snooping alarm mac-address enable
dhcp snooping alarm mac-address threshold 120
dhcp packet dropped by mac-address checking = 25
----End
Configuration Files
#
sysname Quidway
#
dhcp enable
dhcp snooping enable
#
interface GigabitEthernet2/0/0
dhcp snooping enable
dhcp snooping check mac-address enable
dhcp snooping alarm mac-address enable
dhcp snooping alarm mac-address threshold 120
#
return
3.10.3 Example for Preventing the Attacker from Sending Bogus
DHCP Messages for Extending IP Address Leases
Networking Requirements
As shown in
network. To prevent the attacker from sending bogus DHCP messages for extending IP address
leases, it is required that DHCP snooping be configured on the S9300 and the DHCP snooping
binding table be created. If the received DHCP Request messages match entries in the binding
table, they are forwarded; otherwise, they are discarded. The packet discarding alarm function
is configured.
3-36
Figure
3-5, the S9300 is deployed between the user network and the ISP Layer 2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 06 (2010–01–08)
Advertisement
Chapters
Table of Contents
