2 DHCP Snooping Configuration
Context
You need to enable DHCP snooping globally before enabling DHCP snooping on an interface.
By default, DHCP snooping is disabled globally and on an interface.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
dhcp snooping enable
DHCP snooping is enabled globally.
Step 3 Run:
interface interface-type interface-number
The interface view is displayed.
The interface can be an Ethernet interface, a GE interface, or an Eth-Trunk interface.
Step 4 Run:
dhcp snooping enable
DHCP snooping is enabled on the interface.
DHCP snooping must be enabled on all the network-side interfaces and user-side interfaces of
the S9300. Otherwise, configurations related to DHCP snooping do not take effect on the
interfaces.
----End
2.7.3 Enabling the Checking of DHCP Messages
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is a user-side interface.
Step 3 Run:
dhcp snooping check
The function of checking DHCP messages is enabled.
l
2-20
{ mac-address | user-bind } enable
After you run the mac-address command, the S9300 checks whether the MAC address in
the header of a DHCP Request message is the same as the value of the CHADDR field in
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 01 (2009-07-28)