Enabling Dhcp Snooping - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
To prevent a bogus DHCP server attack, you can configure DHCP snooping on the S9300,
configure the network-side interface to be trusted and the user-side interface to be untrusted, and
discard DHCP Reply messages received from untrusted interfaces.
To locate a bogus DHCP server, you can configure detection of bogus DHCP servers on the
S9300. In this case, the S9300 obtains related information about DHCP servers by checking
DHCP Reply messages, and records the information in the log. This facilitates network
maintenance.
Pre-configuration Tasks
Before preventing the bogus DHCP server attack, complete the following tasks:
l
l
Data Preparation
To prevent the bogus DHCP server attack, you need the following data.
No.
1

2.3.2 Enabling DHCP Snooping

Context
You need to enable DHCP snooping globally before enabling DHCP snooping on an interface.
By default, DHCP snooping is disabled globally and on an interface.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp snooping enable
DHCP snooping is enabled globally.
Step 3 Run:
interface interface-type interface-number
The interface view is displayed.
The interface can be an Ethernet interface, a GE interface, or an Eth-Trunk interface.
Step 4 Run:
dhcp snooping enable
Issue 01 (2009-07-28)
Configuring the DHCP server
Configuring the DHCP relay agent
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 DHCP Snooping Configuration
Data
Type and number of the interface that needs
to be set to be trusted
2-5