Huawei Quidway S2700 Series Configuration Manual page 128

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] dhcp snooping check dhcp-request enable alarm dhcp-request enable threshold 120
# Enable checking of the CHADDR field, and the associated alarm function, on the interfaces on the DHCP client side to prevent attackers from changing the CHADDR field in DHCP Request messages. Ethernet 0/0/2 is configured in the same way as Ethernet 0/0/1; its configuration is not repeated here.
[Quidway-Ethernet0/0/1] dhcp snooping check dhcp-chaddr enable alarm dhcp-chaddr enable threshold 120
[Quidway-Ethernet0/0/1] quit
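The CHADDR check compares the client hardware address carried in the DHCP payload with the source MAC address of the Ethernet frame. The following Python model is an added example, not Huawei code: the names build_request, chaddr_matches and SnoopingPort are hypothetical, the frames are constructed, and the rule that the alarm fires once the discard count reaches the threshold is an assumption.

```python
import struct

ALARM_THRESHOLD = 120  # same value as "threshold 120" in the configuration above

def build_request(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample: untagged Ethernet/IPv4/UDP frame with a BOOTP client header."""
    bootp = struct.pack("!BBBBIHH16x16s192x", 1, 1, 6, 0, 0x1234, 0, 0, chaddr)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp + bootp

def chaddr_matches(frame: bytes) -> bool:
    """True when the BOOTP CHADDR equals the Ethernet source MAC."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("not an untagged IPv4/UDP frame")
    udp = 14 + (frame[14] & 0x0F) * 4          # honour the IP header length field
    bootp = udp + 8
    if len(frame) < bootp + 236:
        raise ValueError("truncated BOOTP header")
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        raise ValueError("not a DHCP client-to-server message")
    op, htype, hlen = frame[bootp], frame[bootp + 1], frame[bootp + 2]
    if (op, htype, hlen) != (1, 1, 6):
        raise ValueError("not an Ethernet BOOTREQUEST")
    # CHADDR starts 28 bytes into the BOOTP header; the source MAC is bytes 6..11.
    return frame[bootp + 28:bootp + 34] == frame[6:12]

class SnoopingPort:
    """Hypothetical model of one client-side interface (not the switch's implementation)."""

    def __init__(self, threshold: int = ALARM_THRESHOLD):
        self.threshold = threshold
        self.discarded = 0

    def receive(self, frame: bytes) -> str:
        if chaddr_matches(frame):
            return "forward"
        self.discarded += 1
        # Assumption: the alarm is raised once the discard count reaches the threshold.
        return "alarm" if self.discarded >= self.threshold else "discard"

if __name__ == "__main__":
    client = bytes.fromhex("000100020003")   # MAC shown in this page's binding table
    port = SnoopingPort()
    print(port.receive(build_request(client, client)))                         # forward
    print(port.receive(build_request(client, bytes.fromhex("02aabbccdd01"))))  # discard
```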
Step 4 Check the DHCP snooping binding entries.
Run the display dhcp snooping user-bind all command to view the DHCP snooping binding entries of users.
<Quidway> display dhcp snooping user-bind all
DHCP Dynamic Bind-table:
Flags:O - outer vlan ,I - inner vlan ,P - map vlan
IP Address      MAC Address     VSI/VLAN(O/I/P) Interface      Lease
--------------------------------------------------------------------------------
10.1.1.1        0001-0002-0003  10  /--  /--    Ethernet0/0/2  2010.08.14-12:58
--------------------------------------------------------------------------------
print count:           1          total count:           1
Step 5 Limit the rate of sending DHCP messages.
# Enable checking of the rate at which DHCP messages are sent, and set the rate limit to 90, to prevent attackers from sending a large number of DHCP Request messages.
[Quidway] dhcp snooping check dhcp-rate enable
[Quidway] dhcp snooping check dhcp-rate 90
Step 6 Configure the Option 82 function.
# Configure the user-side interface to append the Option 82 field to DHCP messages. Ethernet 0/0/2 is configured in the same way as Ethernet 0/0/1; its configuration is not repeated here.
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] dhcp option82 insert enable
[Quidway-Ethernet0/0/1] quit
Step 7 Configure the alarm function for discarded packets.
# Enable the alarm function for discarded DHCP Reply packets, and set the alarm threshold for the number of discarded packets. The configuration of Ethernet 0/0/2 is similar to that of Ethernet 0/0/1 and is not repeated here.
[Quidway] interface ethernet 0/0/1
[Quidway-Ethernet0/0/1] dhcp snooping alarm dhcp-reply enable threshold 120
[Quidway-Ethernet0/0/1] quit
Step 8 Verify the configuration.
Run the display dhcp snooping global command on the Switch to confirm that DHCP snooping is enabled globally. The output also shows the statistics on alarms.
[Quidway] display dhcp snooping global
dhcp snooping enable
dhcp snooping check dhcp-rate enable
dhcp snooping check dhcp-rate 90
Dhcp snooping enable is configured at these vlan :NULL
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration