Example for Preventing Attackers from Sending Bogus DHCP Messages for Extending IP Address Leases - Huawei Quidway S2700 Series Configuration Manual


Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
Dhcp snooping enable is configured at interface :
GigabitEthernet0/0/2
Dhcp snooping trusted is configured at interface :
GigabitEthernet0/0/1
Dhcp option82 insert is configured at interface :NULL
Dhcp option82 rebuild is configured at interface :NULL
Dhcp option82 insert is configured at vlan :NULL
Dhcp option82 rebuild is configured at vlan :NULL
dhcp packet drop count within alarm range : 0
dhcp packet drop count total : 25
<Quidway> display dhcp snooping interface gigabitethernet 0/0/1
dhcp snooping trusted
dhcp packet dropped by untrust-reply checking = 0
<Quidway> display dhcp snooping interface gigabitethernet 0/0/2
dhcp snooping enable
dhcp snooping check dhcp-chaddr enable alarm dhcp-chaddr enable threshold 120
dhcp packet dropped by dhcp-chaddr checking = 25
dhcp packet dropped by untrust-reply checking = 0
----End
Configuration Files
#
dhcp enable
dhcp snooping enable
#
interface GigabitEthernet0/0/1
dhcp snooping trusted
#
interface GigabitEthernet0/0/2
dhcp snooping enable
dhcp snooping check dhcp-chaddr enable alarm dhcp-chaddr enable threshold 120
#
return
3.10.3 Example for Preventing Attackers from Sending Bogus DHCP Messages for Extending IP Address Leases
This section describes how to prevent attackers from sending bogus DHCP messages to extend IP
address leases. The configuration includes checking DHCP Request messages on the user-side
interface and enabling the alarm function for discarded packets.
Networking Requirements
As shown in Figure 3-4, the Switch is deployed between the user network and the ISP Layer 2
network. To prevent attackers from sending bogus DHCP messages for extending IP address
leases, it is required that DHCP snooping be configured on the Switch and the DHCP snooping
binding table be created. If the received DHCP Request messages match entries in the binding
table, they are forwarded; otherwise, they are discarded. The alarm function for discarded packets
is configured.
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
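The following is an added example, not taken from the Huawei manual: a simplified Python model of the check described in the networking requirements, where a DHCP Request is forwarded only if it matches a binding table entry and discarded packets feed an alarm. The matched fields (MAC, IP, VLAN, interface), the alarm rule, and all sample addresses and interface values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping binding entry (field set is an assumption)."""
    mac: str
    ip: str
    vlan: int
    interface: str

@dataclass(frozen=True)
class DhcpRequest:
    """Fields of a lease-renewal DHCP Request that this model inspects."""
    chaddr: str     # client hardware address in the DHCP header
    ciaddr: str     # address whose lease the client asks to extend
    vlan: int
    interface: str  # user-side interface the message arrived on

class RequestChecker:
    """Simplified model of the DHCP Request check on a user-side interface."""
    def __init__(self, bindings, alarm_threshold):
        self.table = set(bindings)
        self.alarm_threshold = alarm_threshold
        self.dropped = 0

    def check(self, req):
        """Return 'forward' when the Request matches a binding, else 'discard'."""
        key = Binding(req.chaddr, req.ciaddr, req.vlan, req.interface)
        if key in self.table:
            return "forward"
        self.dropped += 1
        return "discard"

    def alarm(self):
        # Assumption: the alarm fires once the drop count reaches the threshold.
        return self.dropped >= self.alarm_threshold

def run_sample():
    # Constructed sample data; IP addresses come from a documentation range.
    table = [Binding("00e0-fc00-0001", "192.0.2.10", 10, "GigabitEthernet0/0/2")]
    checker = RequestChecker(table, alarm_threshold=2)
    requests = [
        DhcpRequest("00e0-fc00-0001", "192.0.2.10", 10, "GigabitEthernet0/0/2"),  # matches the binding
        DhcpRequest("00e0-fc00-0099", "192.0.2.10", 10, "GigabitEthernet0/0/2"),  # MAC not bound to this IP
        DhcpRequest("00e0-fc00-0001", "192.0.2.10", 10, "GigabitEthernet0/0/3"),  # arrives on another port
    ]
    verdicts = [checker.check(r) for r in requests]
    return verdicts, checker.dropped, checker.alarm()

if __name__ == "__main__":
    print(run_sample())
```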
