Enabling Checking Of Dhcp Request Messages; Optional) Configuring The Option 82 Function - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
----End

3.5.3 Enabling Checking of DHCP Request Messages

To prevent unauthorized users from sending DHCP Request messages to request IP address
renewal, the S2700 matches the received DHCP Request messages to determine whether to
forward the DHCP Request messages.
Context
Binding entries of DHCP users are created automatically after DHCP snooping is enabled. If a
user uses a static IP address, you need to configure the binding entry of the user manually.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is a user-side interface.
Step 3 Run:
dhcp snooping check dhcp-request enable [ alarm dhcp-request { enable [ threshold
threshold-value ] | threshold threshold-value } ]
The interface is enabled to check DHCP Request messages.
By default, an interface is disabled from checking DHCP Request messages, and the alarm
threshold for the rate of discarding DHCP request messages is set to 100.
----End

3.5.4 (Optional) Configuring the Option 82 Function

After the Option 82 function is enabled, the S2700 can generate binding entries for users on
different interfaces according to the Option 82 field in DHCP messages, which prevents the
bogus DHCP server then replies incorrect messages.
Issue 01 (2011-07-15)
DHCP is enabled globally.
3. Run:
dhcp snooping enable
DHCP snooping is enabled globally.
4. Run:
interface interface-type interface-number
The interface view is displayed.
5. Run: dhcp snooping enableDHCP snooping is enabled on an interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
87