1. Manuals
  2. Brands
  3. Huawei Manuals
  4. Switch
  5. Enterprise S2700 Series
  6. Configuration manual

Huawei Quidway S2700 Series Configuration Manual page 117

Hide thumbs Also See for Quidway S2700 Series:
Table of Contents

Advertisement

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
# Enable bogus DHCP server detection.
[Quidway] dhcp server detect
# Enable DHCP snooping on the user-side interface.
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] dhcp snooping enable
[Quidway-GigabitEthernet0/0/2] quit
Step 2 Configure the interface as the trusted interface or an untrusted interface.
# Configure the interface on the DHCP server side as the trusted interface.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] dhcp snooping trusted
[Quidway-GigabitEthernet0/0/1] quit
# Configure the user-side interface as an untrusted interface.
After DHCP snooping is enabled on GE 0/0/2, GE 0/0/2 is an untrusted interface by default.
Step 3 Configure the alarm function for discarded DHCP Reply packets.
# Configure the Switch to discard the Reply messages received by untrusted interfaces, and set
the alarm threshold.
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] dhcp snooping alarm dhcp-reply enable threshold 120
[Quidway-GigabitEthernet0/0/2] quit
Step 4 Verify the configuration.
Run the display dhcp snooping global command on the Switch, and you can view that DHCP
snooping is enabled globally and in the interface view.
<Quidway> display dhcp snooping global
dhcp snooping enable
Dhcp snooping enable is configured at vlan :NULL
Dhcp snooping enable is configured at interface :
GigabitEthernet0/0/2
Dhcp snooping trusted is configured at interface :
GigabitEthernet0/0/1
Dhcp option82 insert is configured at interface :NULL
Dhcp option82 rebuild is configured at interface :NULL
Dhcp option82 insert is configured at vlan :NULL
Dhcp option82 rebuild is configured at vlan :NULL
dhcp packet drop count within alarm range : 0
dhcp packet drop count total : 60
<Quidway> display dhcp snooping interface gigabitethernet 0/0/1
dhcp snooping trusted
dhcp packet dropped by untrust-reply checking = 0
<Quidway> display dhcp snooping interface gigabitethernet 0/0/2
dhcp snooping enable
dhcp snooping alarm dhcp-reply enable threshold 120
dhcp packet dropped by untrust-reply checking = 10
----End
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
106

Advertisement

Table of Contents
loading

Related Manuals for Huawei Quidway S2700 Series

Related Products for Huawei Quidway S2700 Series

Table of Contents