Example For Preventing The Attacker From Sending Bogus Dhcp Messages For Extending Ip Address Leases - Huawei Quidway S9300 Configuration Manual
Terabit routing switch v100r001c03
Hide thumbs
Also See for Quidway S9300:
- Configuration manual - network management (630 pages) ,
- Configuration manual (603 pages) ,
- Configuration manual - multicast (262 pages)
Table of Contents
Advertisement
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
<Quidway> display dhcp snooping interface gigabitethernet 2/0/0
dhcp snooping enable
dhcp snooping check mac-address enable
dhcp snooping alarm mac-address enable
dhcp snooping alarm mac-address threshold 120
user-bind total
mac-address&src mac total
untrust-reply total
----End
Configuration Files
#
sysname Quidway
#
dhcp snooping enable
#
interface GigabitEthernet1/0/0
dhcp snooping enable
#
interface GigabitEthernet2/0/0
dhcp snooping enable
dhcp snooping check mac-address enable
dhcp snooping alarm mac-address enable
dhcp snooping alarm mac-address threshold 120
#
return
2.9.3 Example for Preventing the Attacker from Sending Bogus
DHCP Messages for Extending IP Address Leases
Networking Requirements
As shown in
network. To prevent the attacker from sending bogus DHCP messages for extending IP address
leases, it is required that DHCP snooping be configured on the S9300 and the DHCP snooping
binding table be created. If the received DHCP Request messages match entries in the binding
table, they are forwarded; otherwise, they are discarded. The packet discarding alarm function
is configured.
Issue 01 (2009-07-28)
Figure
2-5, the S9300 is deployed between the user network and the ISP Layer 2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
0
25
0
2 DHCP Snooping Configuration
2-29
Advertisement
Table of Contents
