Configuring An Interface As A Trusted Interface; Optional) Enabling Detection Of Bogus Dhcp Servers - Huawei Quidway S9300 Configuration Manual

2 DHCP Snooping Configuration
DHCP snooping is enabled on the interface.
DHCP snooping must be enabled on all the network-side interfaces and user-side interfaces of
the S9300. Otherwise, configurations related to DHCP snooping do not take effect on the
interfaces.
----End

2.3.3 Configuring an Interface as a Trusted Interface

Context
Generally, the interface connected to the DHCP server is configured as trusted and other
interfaces are configured as untrusted.
After DHCP snooping is enabled on an interface, the interface is an untrusted interface by default.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is the network-side interface connected to the DHCP server.
Step 3 Run:
dhcp snooping trusted
The interface is configured as a trusted interface.
DHCP messages sent from a trusted interface are forwarded; DHCP Replay messages sent from
an untrusted interface are discarded and DHCP Request messages sent from the untrusted
interface are forwarded.
----End

2.3.4 (Optional) Enabling Detection of Bogus DHCP Servers

Context
To locate a bogus DHCP server, you can configure detection of bogus DHCP servers on the
S9300. In this case, the S9300 obtains related information about DHCP servers by checking
DHCP Request messages, and records the information in the log. This facilitates network
maintenance of network administrators.
2-6
NOTE
Before enabling detection of bogus DHCP servers, ensure that DHCP snooping is enabled globally and on
the interface. Otherwise, the detection function does not take effect.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 01 (2009-07-28)