Checking The Chaddr Field In Dhcp Request Messages; Checking The Configuration - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
----End

3.4.3 Checking the CHADDR Field in DHCP Request Messages

If the CHADDR field in DHCP Request messages matches the source MAC address in the
Ethernet frame header, the messages are forwarded. Otherwise, the messages are discarded.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is the user-side interface.
Step 3 Run:
dhcp snooping check dhcp-chaddr enable [ alarm dhcp-chaddr { enable [ threshold
threshold-value ] | threshold threshold-value } ]
The interface is configured to check if the CHADDR field in DHCP Request messages matches
the source MAC address in the Ethernet frame header.
By default, an interface does not check the CHADDR field in DHCP Request messages, and the
alarm threshold for the rate of discarding DHCP request messages is set to 100.
----End

3.4.4 Checking the Configuration

Checking the Configuration of Preventing the DoS Attack by Changing the CHADDR Field.
Prerequisite
The configurations of preventing the DoS attack by changing the CHADDR field are complete.
Procedure
l
l
----End
Issue 01 (2011-07-15)
DHCP snooping is enabled globally.
4. Run:
interface interface-type interface-number
The interface view is displayed.
5. Run: dhcp snooping enableDHCP snooping is enabled on an interface.
Run the display dhcp snooping global command to check information about global DHCP
snooping.
Run the display dhcp snooping interface interface-type interface-number command to
check information about DHCP snooping on the interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
98