Huawei Quidway S2700 Series Configuration Manual page 116
Hide thumbs
Also See for Quidway S2700 Series:
- Configuration manual (354 pages) ,
- Hardware installation and maintenance manual (183 pages) ,
- Quick start manual (62 pages)
Table of Contents
Advertisement
Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
Figure 3-2 Networking diagram for preventing bogus DHCP server attacks
Configuration Roadmap
The configuration roadmap is as follows: (Assume that the DHCP server has been configured.)
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
l
Procedure
Step 1 Enable DHCP snooping.
# Enable DHCP snooping globally.
<Quidway> system-view
[Quidway] dhcp enable
[Quidway] dhcp snooping enable
Issue 01 (2011-07-15)
ISP network
L2 network
GE0/0/1
Switch
GE0/0/2
User
network
Enable DHCP snooping globally and on the interface.
Enable bogus DHCP server detection.
Configure the interface connected to the DHCP server as the trusted interface.
Configure the alarm function for discarded DHCP Reply packets.
GE 0/0/1 being the trusted interface and GE 0/0/2 being the untrusted interface
Alarm threshold being 120
NOTE
This configuration example provides only the commands related to the DHCP snooping configuration.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
L3 network
DHCP relay
DHCP
server
105
Advertisement
Table of Contents
