Dhcp Snooping Configuration - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
About This Chapter
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP)
snooping on the S9300 to defend against DHCP attacks.
3.1 Introduction to DHCP Snooping
This section describes the principle of DHCP snooping.
3.2 DHCP Snooping Features Supported by the S9300
This section describes the DHCP snooping features supported by the S9300.
3.3 Preventing the Bogus DHCP Server Attack
This section describes how to prevent the attackers from attacking the DHCP server through the
S9300 by forging the DHCP server.
3.4 Preventing the DoS Attack by Changing the CHADDR Field
This section describes how to prevent the attackers from attacking the DHCP server by
modifying the CHADDR.
3.5 Preventing the Attacker from Sending Bogus DHCP Messages for Extending IP Address
Leases
This section describes how to prevent the attackers from attacking the DHCP server by forging
the DHCP messages for extending IP address leases.
3.6 Setting the Maximum Number of DHCP Snooping Users
This section describes how to set the maximum number of DHCP snooping users. This is because
authorized users cannot access the network when an attacker applies for IP addresses
continuously.
3.7 Limiting the Rate of Sending DHCP Messages
This section describes how to prevent attackers from sending a large number of DHCP Request
messages to attack the S9300.
3.8 Configuring the Packet Discarding Alarm Function
An alarm is generated when the number of discarded packets exceeds the threshold.
3.9 Maintaining DHCP Snooping
This section describes how to maintain DHCP snooping.
Issue 06 (2010–01–08)
3

DHCP Snooping Configuration

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
3-1