Example for Preventing DoS Attacks by Changing the CHADDR Field - Huawei Quidway S2700 Series Configuration Manual


Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
Configuration Files
#
dhcp enable
dhcp snooping enable
dhcp server detect
#
interface GigabitEthernet0/0/1
 dhcp snooping trusted
#
interface GigabitEthernet0/0/2
 dhcp snooping enable
 dhcp snooping alarm dhcp-reply enable threshold 120
#
return
3.10.2 Example for Preventing DoS Attacks by Changing the CHADDR Field
This section describes how to configure the Switch to prevent DoS attacks that change the
CHADDR field. The configuration covers checking the CHADDR field of DHCP Request
messages on the user-side interface and enabling the alarm function for discarded packets.
Networking Requirements
As shown in Figure 3-3, the Switch is deployed between the user network and the ISP Layer 2
network. To prevent DoS attacks by changing the CHADDR field, it is required that DHCP
snooping be configured on the Switch. The CHADDR field of DHCP Request messages is
checked. If the CHADDR field of DHCP Request messages matches the source MAC address
in the frame header, the messages are forwarded. Otherwise, the messages are discarded. The
alarm function for discarded packets is configured.
Figure 3-3 Networking diagram for preventing DoS attacks by changing the CHADDR field
(Diagram labels: User network, GE0/0/2, Switch, GE0/0/1, ISP network, L2 network, DHCP relay, L3 network, DHCP server)
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
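The CHADDR check described under Networking Requirements, sketched in Python as an added example (it is not Huawei's implementation and not code from this manual). The function names, the rule that the alarm is raised once the discard count reaches the threshold, and the sample frames built by build_frame are assumptions made for illustration.

```python
import struct

def chaddr_matches_src_mac(frame: bytes):
    """True/False for a DHCP client message; None if the frame is not one."""
    if len(frame) < 14:
        return None
    src_mac, off = frame[6:12], 14
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100 and len(frame) >= 18:       # one 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != 0x0800 or len(frame) < off + 20:   # not IPv4
        return None
    ihl = (frame[off] & 0x0F) * 4
    if ihl < 20 or frame[off + 9] != 17:               # not UDP
        return None
    udp = off + ihl
    if len(frame) < udp + 8 or frame[udp + 2:udp + 4] != b"\x00\x43":
        return None                                    # not sent to UDP/67
    bootp = frame[udp + 8:]
    if len(bootp) < 44 or bootp[0] != 1:               # op 1 = BOOTREQUEST
        return None
    if bootp[1] != 1 or bootp[2] != 6:                 # htype/hlen not Ethernet
        return False
    return bootp[28:34] == src_mac                     # chaddr is at offset 28

def snoop(frames, alarm_threshold):
    """User-side port: drop mismatches, forward the rest, report the alarm."""
    forwarded, discarded = [], 0
    for frame in frames:
        if chaddr_matches_src_mac(frame) is False:
            discarded += 1
        else:
            forwarded.append(frame)
    return forwarded, discarded, discarded >= alarm_threshold  # assumed rule

def build_frame(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample: broadcast DHCP client message, checksums left zero."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr)
    bootp += bytes(192) + b"\x63\x82\x53\x63"          # sname, file, magic cookie
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip
```

The comparison only makes sense on the user-side interface: a message forwarded by a DHCP relay carries the relay's MAC address in the frame header, not the client's.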
