3.1 Introduction to DHCP Snooping......................................................................................................................89

3.2 DHCP Snooping Features Supported by the S3700.........................................................................................89

3.3 Preventing the Bogus DHCP Server Attack.....................................................................................................92

3.3.1 Establishing the Configuration Task.......................................................................................................92

3.3.2 Enabling DHCP Snooping.......................................................................................................................93

3.3.3 Configuring an Interface as a Trusted Interface......................................................................................94

3.3.4 (Optional) Enabling Detection of Bogus DHCP Servers........................................................................95

3.3.5 Checking the Configuration.....................................................................................................................95

3.4 Preventing the DoS Attack by Changing the CHADDR Field.........................................................................96

3.4.1 Establishing the Configuration Task.......................................................................................................96

3.4.2 Enabling DHCP Snooping.......................................................................................................................96

3.4.3 Checking the CHADDR Field in DHCP Request Messages...................................................................98

3.4.4 Checking the Configuration.....................................................................................................................98

3.5 Preventing the Attacker from Sending Bogus DHCP Messages for Extending IP Address Leases................99

3.5.1 Establishing the Configuration Task.......................................................................................................99

3.5.2 Enabling DHCP Snooping.....................................................................................................................100

3.5.3 Enabling Checking of DHCP Request Messages..................................................................................101

3.5.4 (Optional) Configuring the Option 82 Function....................................................................................102

3.5.5 (Optional) Setting the Format of the Option 82 Field...........................................................................103

3.5.6 (Optional) Appending the Option 18 Field or the Option 37 Field to DHCPv6 Request Messages

........................................................................................................................................................................104

3.5.7 Checking the Configuration...................................................................................................................105

3.6 Setting the Maximum Number of DHCP Snooping Users.............................................................................105

3.6.1 Establishing the Configuration Task.....................................................................................................105

3.6.2 Enabling DHCP Snooping.....................................................................................................................106

3.6.3 Setting the Maximum Number of DHCP Snooping Users....................................................................107

3.6.4 (Optional) Configuring MAC Address Security on an Interface...........................................................108

3.6.5 Checking the Configuration...................................................................................................................109

3.7 Limiting the Rate of Sending DHCP Messages.............................................................................................109

3.7.1 Establishing the Configuration Task.....................................................................................................109

3.7.2 Enabling DHCP Snooping.....................................................................................................................110

3.7.3 Setting the Maximum Rate of Sending DHCP Messages.....................................................................111

3.7.4 Checking the Configuration...................................................................................................................113

3.8 Configuring the Packet Discarding Alarm Function......................................................................................113

3.8.1 Establishing the Configuration Task.....................................................................................................113

3.8.2 Enabling DHCP Snooping.....................................................................................................................114

3.8.3 Configuring the Packet Discarding Alarm Function.............................................................................115

3.8.4 Checking the Configuration...................................................................................................................117

Issue 01 (2011-07-15)

Huawei Proprietary and Confidential

Contents

vii

Table of Contents