2.7 Configuration Examples................................................................................................................................2-32

2.7.1 Example for Configuring Web Authentication....................................................................................2-32

2.7.2 Example for Configuring 802.1x Authentication.................................................................................2-35

2.7.3 Example for Configuring MAC Address Authentication....................................................................2-38

3 DHCP Snooping Configuration..............................................................................................3-1

3.1 Introduction to DHCP Snooping.....................................................................................................................3-3

3.2 DHCP Snooping Features Supported by the S9300........................................................................................3-3

3.3 Preventing the Bogus DHCP Server Attack....................................................................................................3-5

3.3.1 Establishing the Configuration Task......................................................................................................3-6

3.3.2 Enabling DHCP Snooping..................................................................................................................... 3-6

3.3.3 Configuring an Interface as a Trusted Interface.....................................................................................3-8

3.3.4 (Optional) Enabling Detection of Bogus DHCP Servers.......................................................................3-8

3.3.5 Checking the Configuration...................................................................................................................3-9

3.4 Preventing the DoS Attack by Changing the CHADDR Field....................................................................... 3-9

3.4.1 Establishing the Configuration Task....................................................................................................3-10

3.4.2 Enabling DHCP Snooping...................................................................................................................3-10

3.4.3 Checking the CHADDR Field in DHCP Request Messages...............................................................3-12

3.4.4 Checking the Configuration.................................................................................................................3-12

3.5 Preventing the Attacker from Sending Bogus DHCP Messages for Extending IP Address Leases.............3-13

3.5.1 Establishing the Configuration Task....................................................................................................3-13

3.5.2 Enabling DHCP Snooping...................................................................................................................3-14

3.5.3 Enabling the Checking of DHCP Request Messages...........................................................................3-15

3.5.4 (Optional) Configuring the Option 82 Function..................................................................................3-16

3.5.5 Checking the Configuration.................................................................................................................3-17

3.6 Setting the Maximum Number of DHCP Snooping Users...........................................................................3-18

3.6.1 Establishing the Configuration Task....................................................................................................3-18

3.6.2 Enabling DHCP Snooping...................................................................................................................3-18

3.6.3 Setting the Maximum Number of DHCP Snooping Users..................................................................3-20

3.6.4 (Optional) Configuring MAC Address Security on an Interface.........................................................3-20

3.6.5 Checking the Configuration.................................................................................................................3-21

3.7 Limiting the Rate of Sending DHCP Messages............................................................................................3-22

3.7.1 Establishing the Configuration Task....................................................................................................3-22

3.7.2 Enabling DHCP Snooping...................................................................................................................3-23

3.7.3 Limiting the Rate of Sending DHCP Messages...................................................................................3-24

3.7.4 Checking the Configuration.................................................................................................................3-25

3.8 Configuring the Packet Discarding Alarm Function.....................................................................................3-25

3.8.1 Establishing the Configuration Task....................................................................................................3-25

3.8.2 Enabling DHCP Snooping...................................................................................................................3-26

3.8.3 Enabling the Checking of DHCP Messages.........................................................................................3-27

3.8.4 Configuring the Packet Discarding Alarm Function............................................................................3-28

Huawei Proprietary and Confidential

Quidway S9300 Terabit Routing Switch

Configuration Guide - Security

Issue 06 (2010-01-08)

Table of Contents

Chapters

Table of Contents

Huawei Quidway S9300 Configuration Manual page 6

Chapters

Related Manuals for Huawei Quidway S9300

Related Products for Huawei Quidway S9300

Table of Contents