Dhcp Snooping Configuration - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
About This Chapter
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP)
snooping on the S2700 to defend against DHCP attacks.
Context
3.1 Introduction to DHCP Snooping
This section describes the principle of DHCP snooping.
3.2 DHCP Snooping Features Supported by the S2700
This section describes the DHCP snooping features supported by the S2700.
3.3 Preventing the Bogus DHCP Server Attack
To prevent the attack from the pseudo DHCP server, use the trusted/untrusted working mode of
DHCP snooping.
3.4 Preventing the DoS Attack by Changing the CHADDR Field
This section describes how to prevent the attackers from attacking the DHCP server by
modifying the CHADDR.
3.5 Preventing the Attacker from Sending Bogus DHCP Messages for Extending IP Address
Leases
This section describes how to prevent the attackers from attacking the DHCP server by forging
the DHCP messages for extending IP address leases.
3.6 Setting the Maximum Number of DHCP Snooping Users
This section describes how to set the maximum number of DHCP snooping users. This is because
authorized users cannot access the network when an attacker applies for IP addresses
continuously.
3.7 Limiting the Rate of Sending DHCP Messages
This section describes how to prevent attackers from sending a large number of DHCP Request
messages to attack the S2700.
3.8 Configuring the Packet Discarding Alarm Function
Issue 01 (2011-07-15)
3

DHCP Snooping Configuration

NOTE
S2700SI does not support DHCP Snooping.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
74