Figure 2-5 Networking Diagram For Preventing The Attacker From Sending Bogus Dhcp Messages For Extending Ip Address Leases - Huawei Quidway S9300 Configuration Manual
Terabit routing switch v100r001c03
Hide thumbs
Also See for Quidway S9300:
- Configuration manual - network management (630 pages) ,
- Configuration manual (603 pages) ,
- Configuration manual - multicast (262 pages)
Table of Contents
Advertisement
2 DHCP Snooping Configuration
Figure 2-5 Networking diagram for preventing the attacker from sending bogus DHCP messages
for extending IP address leases
S9300
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
l
l
Procedure
Step 1 Enable DHCP snooping.
# Enable DHCP snooping globally.
2-30
ISP network
L2 network
GE1/0/0
GE2/0/0
User network
Enable DHCP snooping globally and on the interface.
Use the operation mode of the DHCP snooping binding table to check DHCP Request
messages.
Configure the packet discarding alarm function.
Configure the Option 82 function and create a binding table that contains information about
the interface.
ID of the VLAN that each interface belongs to
Static IP addresses from which packets are forwarded
Alarm threshold
NOTE
This configuration example provides only the commands related to the DHCP snooping configuration.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
L3 network
DHCP relay
DHCP server
Configuration Guide - Security
Issue 01 (2009-07-28)
Advertisement
Table of Contents
