Checking The Configuration; Preventing The Attacker From Sending Bogus Dhcp Messages For Extending Ip Address Leases - Huawei Quidway S9300 Configuration Manual

2 DHCP Snooping Configuration
The interface is the user-side interface.
Step 3 Run:
dhcp snooping check mac-address enable
The interface is configured to check the CHADDR field in DHCP Request messages.
By default, an interface does not check the CHADDR field in DHCP Request messages on the
S9300.
----End

2.4.4 Checking the Configuration

Prerequisite
The configurations of preventing the DoS attack by changing the CHADDR field are complete.
Procedure
l
l
----End
Example
Run the display dhcp snooping global command, and you can view that global DHCP snooping
is enabled.
<Quidway> display dhcp snooping global
dhcp snooping enable
Run the display dhcp snooping interface interface-type interface-number command, and you
can view information about DHCP snooping on the specified interface.
<Quidway> display dhcp snooping interface gigabitethernet 1/0/0
dhcp snooping enable
dhcp snooping check mac-address enable
user-bind total
mac-address&src mac total
untrust-reply total
2.5 Preventing the Attacker from Sending Bogus DHCP
Messages for Extending IP Address Leases
This section describes how to prevent the attackers from attacking the DHCP server by forging
the DHCP messages for extending IP address leases.
2.5.1 Establishing the Configuration Task
2.5.2 Enabling DHCP Snooping
2.5.3 (Optional) Configuring Static User Binding Table
2-10
Run the display dhcp snooping global command to check information about global DHCP
snooping.
Run the display dhcp snooping interface interface-type interface-number command to
check information about DHCP snooping on the interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
0
0
0
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 01 (2009-07-28)