Limiting The Rate Of Sending Dhcp Messages; Establishing The Configuration Task; Enabling Dhcp Snooping - Huawei Quidway S9300 Configuration Manual

2 DHCP Snooping Configuration
<Quidway> display dhcp option82 interface gigabitethernet 1/0/0
dhcp option82 insert enable

2.6 Limiting the Rate of Sending DHCP Messages

This section describes how to prevent attackers from sending a large number of DHCP Request
messages to attack the S9300.

2.6.1 Establishing the Configuration Task

2.6.2 Enabling DHCP Snooping

2.6.3 Limiting the Rate of Sending DHCP Messages
2.6.4 Checking the Configuration
2.6.1 Establishing the Configuration Task
Applicable Environment
If an attacker sends DHCP Request messages continuously on a network, the DHCP protocol
stack of the S9300 is affected.
To prevent an attacker from sending a large number of DHCP Request messages, you can
configure DHCP snooping on the S9300 to check DHCP Request messages and limit the rate
of sending DHCP Request messages. Only a certain number of DHCP Request messages can
be sent to the protocol stack during a certain period. Excessive DHCP Request messages are
discarded.
Pre-configuration Tasks
Before limiting the rate of sending packets, complete the following tasks:
l
l
Data Preparation
To limit the rate of sending packets, you need the following data.
No.
1
2.6.2 Enabling DHCP Snooping
2-16
Configuring the DHCP server
Configuring the DHCP relay agent
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Data
Rate at which DHCP messages are sent to the
protocol stack
Issue 01 (2009-07-28)