Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
Data Preparation
To prevent the attacker from sending bogus DHCP messages for extending IP address leases,
you need the following data.
No.
1
3.5.2 Enabling DHCP Snooping
After DHCP snooping is enabled globally, it must be enabled on an interface or in a VLAN.
Otherwise, DHCP snooping does not take effect.
Context
To enable DHCP snooping, you need to comply with the following sequence:
l
l
l
Procedure
l
Issue 01 (2011-07-15)
Enable DHCP globally.
Enable DHCP snooping globally.
Enable DHCP snooping on an interface or in a VLAN.
Enabling DHCP snooping in the VLAN view
1.
Run:
system-view
The system view is displayed.
2.
Run:
dhcp enable
DHCP is enabled globally.
3.
Run:
dhcp snooping enable
DHCP snooping is enabled globally.
4.
Run:
vlan vlan-id
The VLAN view is displayed.
5.
Run:
dhcp snooping enable
DHCP snooping is enabled in a VLAN.
6.
Run:
quit
Return to the system view.
7.
(Optional) Run:
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
Data
Type and number of the interface enabled
with detection of bogus DHCP servers
100