Configuring Unauthorized Dhcp Server Detection; Configuring Dhcp Snooping To Support Option - H3C S3100 Series Operation Manual

Configuring Unauthorized DHCP Server Detection

Only the S3100-SI series among S3100 series switches support the unauthorized DHCP server
detection.
Follow these steps to configure unauthorized DHCP server detection:
Operation
Enter system view
Enter Ethernet port view
Enable unauthorized DHCP
server detection
Specify the method for handling
unauthorized DHCP servers
Return to system view
Specify a source MAC address
for DHCP-DISCOVER
messages sent by the snooping
device
Display information about
unauthorized DHCP servers
You need to enable DHCP snooping before enabling unauthorized DHCP server detection.
Do not configure unauthorized DHCP server detection on a member port of a link aggregation
group.
Currently, after specifying the source MAC address for DHCP-DISCOVER messages on an
S3100-SI series switch, you cannot use the VLAN-VPN tunnel function at the same time, and vice
versa. In addition, after you specify the source MAC address for DHCP-DISCOVER messages, the
IGMP snooping function cannot learn router interfaces through PIM messages. For information
about router interfaces, refer to Multicast Operation.

Configuring DHCP Snooping to Support Option 82

Command
system-view
interface interface-type
interface-number
dhcp-snooping server-guard
enable
dhcp-snooping server-guard
method { trap | shutdown }
quit
dhcp-snooping server-guard
source-mac mac-address
display dhcp-snooping
server-guard
3-7
Description
—
—
Required
Disabled by default.
Optional
By default, the handling method
is trap.
—
Optional
By default, the source MAC
address of DHCP-DISCOVER
messages is the bridge MAC
address of the switch.
Available in any view