Methods of configuring defense against bogus DHCP server attacks on S series switches

S series switches (except S1700 switches) support the DHCP Snooping trust function, which prevents attacks from unauthorized DHCP servers and ensures that clients obtain IP addresses from authorized DHCP servers. Once DHCP Snooping is enabled, interfaces are untrusted by default and DHCP server replies arriving on them are discarded, so only the interface facing the authorized server is configured as trusted. As shown in the networking diagram on the right, the DHCP Client and Server are connected through the Switch. The procedure for configuring the DHCP Snooping trust function on S series switches is as follows:
1. Enable DHCP Snooping globally.
[Huawei] dhcp enable
[Huawei] dhcp snooping enable
2. Enable DHCP Snooping on user-side interfaces GE0/0/2 and GE0/0/3.
[Huawei] interface gigabitethernet 0/0/2
[Huawei-GigabitEthernet0/0/2] dhcp snooping enable
[Huawei-GigabitEthernet0/0/2] quit
[Huawei] interface gigabitethernet 0/0/3
[Huawei-GigabitEthernet0/0/3] dhcp snooping enable
[Huawei-GigabitEthernet0/0/3] quit
3. Configure the interface (GE0/0/1) connected to the DHCP Server as the trusted interface.
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] dhcp snooping trusted
[Huawei-GigabitEthernet0/0/1] quit
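
To check a switch against the three steps above, the following added example (not part of the original page or Huawei tooling) audits a configuration dump for the global commands, the user-side interfaces and the trusted interface. The sample configuration is constructed, and its layout (interface stanzas separated by "#" lines) and the helper names norm, parse_config and audit are assumptions of this example.

```python
# Constructed sample; assumes stanzas run from "interface <name>" to a "#" line.
SAMPLE_CONFIG = """\
dhcp enable
dhcp snooping enable
#
interface GigabitEthernet0/0/1
 dhcp snooping trusted
#
interface GigabitEthernet0/0/2
 dhcp snooping enable
#
interface GigabitEthernet0/0/3
#
"""

def norm(name):  # 'gigabitethernet 0/0/2' and 'GigabitEthernet0/0/2' compare equal
    return name.replace(" ", "").lower()

def parse_config(text):  # -> (global commands, {interface: [commands]})
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            current = None  # stanza separator
        elif line.lower().startswith("interface "):
            current = norm(line.split(None, 1)[1])
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
        else:
            global_cmds.add(line)
    return global_cmds, interfaces

def audit(text, server_ports, user_ports):  # -> list of deviations from steps 1-3
    global_cmds, interfaces = parse_config(text)
    findings = []
    for cmd in ("dhcp enable", "dhcp snooping enable"):
        if cmd not in global_cmds:
            findings.append(f"global: missing '{cmd}'")
    for port in user_ports:
        cmds = interfaces.get(norm(port), [])
        if "dhcp snooping enable" not in cmds:
            findings.append(f"{port}: snooping not enabled on user-side port")
        if "dhcp snooping trusted" in cmds:
            findings.append(f"{port}: user-side port is trusted")
    for port in server_ports:
        if "dhcp snooping trusted" not in interfaces.get(norm(port), []):
            findings.append(f"{port}: server-facing port is not trusted")
    return findings
```

Calling audit(SAMPLE_CONFIG, ["gigabitethernet 0/0/1"], ["gigabitethernet 0/0/2", "gigabitethernet 0/0/3"]) reports GE0/0/3, where step 2 was skipped in the constructed sample.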
