Example For Limiting The Rate Of Sending Dhcp Messages - Huawei Quidway S3700 Series Configuration Manual
Hide thumbs
Also See for Quidway S3700 Series:
- Configuration manual (398 pages) ,
- Quick start manual (70 pages) ,
- Manual (69 pages)
Table of Contents
Advertisement
Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
dhcp packet dropped by dhcp-request checking = 45
dhcp packet dropped by untrust-reply checking = 0
----End
Configuration Files
#
dhcp enable
dhcp snooping enable
#
interface GigabitEthernet0/0/1
dhcp snooping trusted
#
interface GigabitEthernet 0/0/2
dhcp snooping enable
dhcp snooping check dhcp-request enable alarm dhcp-request threshold 120
#
return
3.10.4 Example for Limiting the Rate of Sending DHCP Messages
This section describes the configuration of limiting the rate of sending DHCP messages,
including the configuration of the rate of sending DHCP messages to the protocol stack and the
alarm function for discarded packets.
Networking Requirements
As shown in
messages, it is required that DHCP snooping be enabled on the Switch to control the rate of
sending DHCP Request messages to the protocol stack. At the same time, the alarm function for
discarded packets needs to be enabled.
Figure 3-6 Networking diagram for limiting the rate of sending DHCP messages
DHCP client
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-07-15)
Figure
3-6, to prevent the attacker from sending a large number of DHCP Request
L2 network
L2 network
Ethernet
0/0/2
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Attacker
Ethernet
0/0/1
GE0/0/1
Switch
DHCP relay
3 DHCP Snooping Configuration
L3 network
DHCP server
126
Advertisement
Table of Contents
