How to prevent DHCP messages from being broadcast on S series switches

On S series switches other than the S1700, you can configure ACL rules to block broadcast DHCP messages on specific interfaces. Assume that DHCP messages are not allowed on GE0/0/1. The configuration procedure is as follows:
1. Create advanced ACL 3001 and configure an ACL rule to prevent broadcast DHCP messages.
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule deny udp destination-port eq 67 source-port eq 68 //Configure an ACL rule to prevent broadcast DHCP messages.
[Huawei-acl-adv-3001] quit
2. Configure a traffic classifier named tc1 to classify the packets that match ACL 3001.
[Huawei] traffic classifier tc1
[Huawei-classifier-tc1] if-match acl 3001
[Huawei-classifier-tc1] quit
3. Configure a traffic behavior named tb1 to prevent broadcast DHCP messages.
[Huawei] traffic behavior tb1
[Huawei-behavior-tb1] deny
[Huawei-behavior-tb1] quit
4. Define a traffic policy and associate the traffic classifier with the traffic behavior.
[Huawei] traffic policy tp1
[Huawei-trafficpolicy-tp1] classifier tc1 behavior tb1
[Huawei-trafficpolicy-tp1] quit
5. Apply the traffic policy to GE0/0/1.
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-policy tp1 inbound
[Huawei-GigabitEthernet0/0/1] quit
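
The following Python check is an added example, not part of the original procedure and not Huawei tooling. It parses a command script written as in the steps above and reports any missing link in the chain from ACL rule through traffic classifier, traffic behavior and traffic policy to the inbound interface binding. The function names and the SAMPLE script are constructed for illustration, and only the command forms shown on this page are recognized.

```python
import re

VIEWS = ("acl", "traffic classifier", "traffic behavior", "traffic policy", "interface")

def parse(script):
    # Group each command under the view (ACL, classifier, ...) it was typed in.
    cfg, view = {v: {} for v in VIEWS}, None
    for raw in script.splitlines():
        # Drop a trailing // comment and a leading [Huawei-...] prompt, if present.
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.split("//")[0].strip())
        head = next((v for v in VIEWS if line.startswith(v + " ")), None)
        if head:                                  # command that enters a view
            view = cfg[head].setdefault(line[len(head) + 1:], [])
        elif line == "quit":
            view = None
        elif line and view is not None:
            view.append(line)
    return cfg

def is_dhcp_deny(rule):  # deny rule on UDP source port 68 -> destination port 67
    return bool(re.match(r"rule (\d+ )?deny udp\b", rule)
                and re.search(r"destination-port eq 67\b", rule)
                and re.search(r"source-port eq 68\b", rule))

def audit(cfg, ifname):
    """Return the gaps in the chain for one interface (empty list = chain complete)."""
    bound = [c.split()[1] for c in cfg["interface"].get(ifname, [])
             if re.fullmatch(r"traffic-policy \S+ inbound", c)]
    gaps = [] if bound else [f"{ifname}: no inbound traffic-policy applied"]
    for pol in bound:
        pairs = [c.split()[1::2] for c in cfg["traffic policy"].get(pol, [])
                 if re.fullmatch(r"classifier \S+ behavior \S+", c)]
        ok = any("deny" in cfg["traffic behavior"].get(tb, [])
                 and any(is_dhcp_deny(r)
                         for m in cfg["traffic classifier"].get(tc, [])
                         if m.startswith("if-match acl ")
                         for r in cfg["acl"].get(m.split()[-1], []))
                 for tc, tb in pairs)
        if not ok:
            gaps.append(f"policy {pol}: no classifier/behavior pair drops UDP 68->67")
    return gaps

SAMPLE = "\n".join([  # constructed from the five steps above, prompts omitted
    "acl 3001", "rule deny udp destination-port eq 67 source-port eq 68", "quit",
    "traffic classifier tc1", "if-match acl 3001", "quit",
    "traffic behavior tb1", "deny", "quit",
    "traffic policy tp1", "classifier tc1 behavior tb1", "quit",
    "interface gigabitethernet 0/0/1", "traffic-policy tp1 inbound", "quit",
])
```

Call audit(parse(text), "gigabitethernet 0/0/1") with the interface name spelled exactly as in the script; an empty list means every link of the chain is present.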
