Example For Limiting The Rate Of Sending Dhcp Messages - Huawei Quidway S9300 Configuration Manual

2 DHCP Snooping Configuration
ifname
-------------------------------------------------------------------------------
GE2/0/0
GE2/0/0
-------------------------------------------------------------------------------
total count : 2
Run the display dhcp option82 interface command, and you can find that the function of
inserting the Option 82 field into packets is enabled on the interface.
<Quidway> display dhcp option82 interface gigabitethernet 2/0/0
dhcp option82 insert enable
----End
Configuration Files
#
sysname Quidway
#
dhcp snooping enable
#
user-bind static ip-address 10.1.1.3 mac-address 0000-005e-008a interface
gigabitethernet 2/0/0 vlan 3
#
interface gigabitethernet 1/0/0
dhcp snooping enable
#
interface gigabitethernet 2/0/0
dhcp snooping enable
dhcp snooping check user-bind enable
dhcp snooping alarm user-bind enable
dhcp snooping alarm user-bind threshold 120
dhcp option82 insert enable
#
return

2.9.4 Example for Limiting the Rate of Sending DHCP Messages

Networking Requirements
As shown in
messages, it is required that DHCP snooping be enabled on the S9300 to control the rate of
sending DHCP Request messages to the protocol stack. At the same time, the packet discarding
alarm function is enabled.
2-32
p/cvlan tp lease
0001/0000 S 0
0333/0000 D 090320-1109 0016-21f1-56b6
Figure 2-6, to prevent the attacker from sending a large number of DHCP Request
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
mac-address ip-address
vpn-instance
0000-005e-008a 010.001.001.003
070.070.116.062
Issue 01 (2009-07-28)