H3C S6812 Series Command Reference Manual page 764

Predefined user roles
network-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and
DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST
packets from attacking the DHCP server.
With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each
received DHCP-REQUEST message.
•
If a match is found, DHCP snooping compares the entry with the message. If they have
consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP
server. If they have different information, DHCP snooping considers the message invalid and
discards it.
•
If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping check request-message
dhcp snooping deny
Use dhcp snooping deny to configure a port as DHCP packet blocking port.
Use undo dhcp snooping deny to restore the default.
Syntax
dhcp snooping deny
undo dhcp snooping deny
Default
A port does not block DHCP requests.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
A DHCP packet blocking port drops all incoming DHCP requests.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a DHCP packet blocking port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping deny
dhcp snooping enable
Use dhcp snooping enable to enable DHCP snooping.
Use undo dhcp snooping enable to disable DHCP snooping.
81