Checking The Configuration; Preventing The Attacker From Sending Bogus Dhcp Messages For Extending Ip Address Leases; Establishing The Configuration Task - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is the user-side interface.
Step 3 Run:
dhcp snooping check dhcp-chaddr enable [ alarm dhcp-chaddr { enable [ threshold
threshold-value ] | threshold threshold-value } ]
The interface is configured to check if the CHADDR field in DHCP Request messages matches
the source MAC address in the Ethernet frame header.
By default, an interface does not check the CHADDR field in DHCP Request messages, and the
alarm threshold for the rate of discarding DHCP request messages is set to 100.
----End

3.4.4 Checking the Configuration

Checking the Configuration of Preventing the DoS Attack by Changing the CHADDR Field.
Prerequisite
The configurations of preventing the DoS attack by changing the CHADDR field are complete.
Procedure
l
l
----End
3.5 Preventing the Attacker from Sending Bogus DHCP
Messages for Extending IP Address Leases
This section describes how to prevent the attackers from attacking the DHCP server by forging
the DHCP messages for extending IP address leases.

3.5.1 Establishing the Configuration Task

Establishing the Configuration Task of Preventing the Attacker from Sending Bogus DHCP
Messages for Extending IP Address Leases.
Issue 01 (2011-07-15)
Run the display dhcp snooping global command to check information about global DHCP
snooping.
Run the display dhcp snooping interface interface-type interface-number command to
check information about DHCP snooping on the interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
84