Prohibit DHCP broadcast packets on S series switch

ACL rules can be configured on S series switches (except S1700 switches) to deny DHCP broadcast packets on specified interfaces. For example, you can deny DHCP broadcast packets on GE0/0/1 as follows:
1. Create advanced ACL 3001 and configure a rule to deny DHCP broadcast packets.
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule deny udp destination-port eq 67 source-port eq 68 //Configure an ACL rule to deny DHCP broadcast packets.
[Huawei-acl-adv-3001] quit
2. Configure the traffic classifier tc1 to classify packets that match ACL 3001.
[Huawei] traffic classifier tc1
[Huawei-classifier-tc1] if-match acl 3001
[Huawei-classifier-tc1] quit
3. Configure the traffic behavior tb1 to deny packets.
[Huawei] traffic behavior tb1
[Huawei-behavior-tb1] deny
[Huawei-behavior-tb1] quit
4. Define a traffic policy and associate the traffic classifier and traffic behavior with the traffic policy.
[Huawei] traffic policy tp1
[Huawei-trafficpolicy-tp1] classifier tc1 behavior tb1
[Huawei-trafficpolicy-tp1] quit
5. Apply the traffic policy to GE0/0/1.
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-policy tp1 inbound
[Huawei-GigabitEthernet0/0/1] quit

Scroll to top