Huawei Quidway S9300 Configuration Manual page 159
Terabit routing switch
Hide thumbs
Also See for Quidway S9300:
- Configuration manual - network management (630 pages) ,
- Configuration manual (603 pages) ,
- Configuration manual - multicast (262 pages)
Table of Contents
Advertisement
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
[Quidway] dhcp snooping check dhcp-rate enable
[Quidway] dhcp snooping check dhcp-rate 90
Step 6 Configure the Option 82 function.
# Configure the user-side interface to append the Option 82 field to DHCP messages.
[Quidway] interface gigabitethernet 1/0/0
[Quidway-GigabitEthernet1/0/0] dhcp option82 insert enable
[Quidway-GigabitEthernet1/0/0] quit
Step 7 Configure the packet discarding alarm function.
# Enable the packet discarding alarm function, and set the alarm threshold of the number of
discarded packets.
[Quidway] interface gigabitethernet 1/0/0
[Quidway-GigabitEthernet1/0/0] dhcp snooping alarm user-bind enable
[Quidway-GigabitEthernet1/0/0] dhcp snooping alarm mac-address enable
[Quidway-GigabitEthernet1/0/0] dhcp snooping alarm untrust-reply enable
[Quidway-GigabitEthernet1/0/0] dhcp snooping alarm user-bind threshold 120
[Quidway-GigabitEthernet1/0/0] dhcp snooping alarm mac-address threshold 120
[Quidway-GigabitEthernet1/0/0] dhcp snooping alarm untrust-reply threshold 120
[Quidway-GigabitEthernet1/0/0] quit
# Enable the alarm function for checking the rate of sending packets and set the alarm threshold
for checking the rate of sending packets.
[Quidway] dhcp snooping check dhcp-rate alarm enable
[Quidway] dhcp snooping check dhcp-rate alarm threshold 80
Step 8 Associate ARP with DHCP snooping.
# The system sends the ARP packet to probe the IP address that expires within the aging time
in the DHCP snooping entry and does not exist in the ARP entry. If no user is detected within
the specified number of detection times, the system deletes the binding relation in the DHCP
binding table and notifies the DHCP server to release the IP address.
[Quidway] arp dhcp-snooping-detect enable
Step 9 Verify the configuration.
Run the display dhcp snooping global command on the S9300, and you can view that DHCP
snooping is enabled globally. You can also view the statistics on alarms.
[Quidway] display dhcp snooping global
dhcp snooping enable
dhcp snooping check dhcp-rate enable
dhcp snooping check dhcp-rate 90
dhcp snooping check dhcp-rate alarm enable
dhcp snooping check dhcp-rate alarm threshold 80
Dhcp snooping enable is configured at these vlan :NULL
Dhcp snooping enable is configured at these interface :
GigabitEthernet1/0/0
Dhcp snooping trusted is configured at these interface :
GigabitEthernet2/0/0
Dhcp option82 insert is configured at these interface :
GigabitEthernet1/0/0
Dhcp option82 rebuild is configured at these interface :NULL
dhcp packet drop count within alarm range : 0
dhcp packet drop count total : 0
Issue 06 (2010–01–08)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
3-49
Advertisement
Chapters
Table of Contents
