Debugging Dhcp Snooping; Configuration Examples; Example For Preventing The Bogus Dhcp Server Attack - Huawei Quidway S9300 Configuration Manual

2 DHCP Snooping Configuration
Procedure
l
----End

2.8.4 Debugging DHCP Snooping

Context
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When a running fault occurs, run the following debugging command in the user view to locate
the fault.
Procedure
l
----End

2.9 Configuration Examples

This section provides several configuration examples of DHCP snooping.

2.9.1 Example for Preventing the Bogus DHCP Server Attack

2.9.2 Example for Preventing the DoS Attack by Changing the CHADDR Field
2.9.3 Example for Preventing the Attacker from Sending Bogus DHCP Messages for Extending
IP Address Leases
2.9.4 Example for Limiting the Rate of Sending DHCP Messages
2.9.5 Example for Applying DHCP Snooping on a Layer 2 Network
2.9.6 Example for Enabling DHCP Snooping on the DHCP Relay Agent
2.9.1 Example for Preventing the Bogus DHCP Server Attack
2-24
Run the dhcp snooping user-bind autosave file-name command to back up the DHCP
snooping binding table.
If the binding table is backed up, the system automatically backs up the binding table
–
to a specified path every one hour or after 300 dynamic binding entries are generated.
If the binding table is not backed up, the dynamic DHCP snooping binding table is lost
–
after the S9300 restarts. As a result, users that obtain IP addresses dynamically from
the DHCP server cannot communicate normally. Then, the users need to log in again.
CAUTION
Run the debugging dhcp snooping command to debug DHCP snooping.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 01 (2009-07-28)