Optional) Configuring The Option 82 Function - Huawei Quidway S9300 Configuration Manual

3 DHCP Snooping Configuration
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
dhcp snooping check user-bind enable
The interface or the interface in a VLANis enabled to check DHCP Request messages.
By default, an interface or the interface in a VLANis disabled from checking DHCP Request
messages.
----End

3.5.4 (Optional) Configuring the Option 82 Function

Context
After the Option 82 function is enabled, the S9300 can generate binding entries for users on
different interfaces according to the Option 82 field in DHCP messages.
When the Option 82 function is used on the DHCP relay agent, the generated binding table does
not contain information about the interface if the set Option 82 field does not contain information
about the interface. The following situations are caused:
l
l
When DHCP snooping is used at Layer 2, the S9300 can obtain information about the interface
required by the binding table even if the Option 82 function is not configured.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is the user-side interface.
Or, run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
dhcp option82 insert enable
3-16
NOTE
The dhcp snooping check user-bind enable command can also check whether the Release packet match
the binding table, thus preventing unauthorized users from releasing the IP addresses of authorized users.
The DHCP Reply messages of the DHCP server are listened to by users on other interfaces
in a VLAN.
After a user logs in, this valid user is forged if users on other interfaces in a VLAN forge
the IP address and MAC address.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 06 (2010–01–08)