Configuring An Interface As A Trusted Interface; Optional) Enabling Detection Of Bogus Dhcp Servers - Huawei Quidway S2700 Series Configuration Manual
Hide thumbs
Also See for Quidway S2700 Series:
- Configuration manual (354 pages) ,
- Hardware installation and maintenance manual (183 pages) ,
- Quick start manual (62 pages)
Table of Contents
Advertisement
Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
----End
3.3.3 Configuring an Interface as a Trusted Interface
Generally, the interface connected to the DHCP server is configured as trusted and other
interfaces are configured as untrusted.
Context
After DHCP snooping is enabled on an interface, the interface is an untrusted interface by default.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is the network-side interface connected to the DHCP server.
Or, run:
vlan vlan-id
The VLAN view is displayed.
Step 3 In the interface view, Run:
dhcp snooping trusted
Or, in the VLAN view, run: dhcp snooping trusted interface interface-type interface-
number
The interface is configured as a trusted interface.
DHCP Reply messages sent from an untrusted interface are discarded.
The prerequisite for the dhcp snooping trusted interface command to take effect is the interface
is added to the VLAN.
----End
3.3.4 (Optional) Enabling Detection of Bogus DHCP Servers
Before enabling detection of bogus DHCP servers, ensure that DHCP snooping is enabled
globally and on the interface. Otherwise, the detection function does not take effect.
Issue 01 (2011-07-15)
DHCP snooping is enabled globally.
4.
Run:
interface interface-type interface-number
The interface view is displayed.
5.
Run: dhcp snooping enableDHCP snooping is enabled on an interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
80
Advertisement
Table of Contents
