Attack prevention methods used by DHCP snooping on S series switch


For S series switches (except S1700 switches), DHCP Snooping provides the trust function and binding table checking function to prevent man-in-the-middle attacks. The DHCP Snooping trust function sets the interface connected to an authorized DHCP server as the trusted interface, so that clients can obtain IP addresses from the authorized DHCP server, preventing bogus DHCP server attacks. The DHCP snooping binding table checking function prevents DHCP attacks from unauthorized users, such as DHCP flood attacks, bogus DHCP server attacks, and DHCP server DoS attacks.

Other related questions:
Methods of configuring defense against bogus DHCP server attacks on S series switch
S series switches (except S1700 switches) support configuration of the DHCP Snooping trust function to prevent attacks from unauthorized DHCP servers and ensure clients can obtain IP addresses from authorized DHCP servers. As shown in the networking diagram on the right, the DHCP Client and Server are connected through the Switch. The following provides the procedure for configuring the DHCP Snooping trust function for S series switches: 1. Enable DHCP Snooping globally. [Huawei] dhcp enable [Huawei] dhcp snooping enable 2. Enable DHCP Snooping on user-side interfaces GE0/0/2 and GE0/0/3. [Huawei] interface gigabitethernet 0/0/2 [Huawei-GigabitEthernet0/0/2] dhcp snooping enable [Huawei-GigabitEthernet0/0/2] quit [Huawei] interface gigabitethernet 0/0/3 [Huawei-GigabitEthernet0/0/3] dhcp snooping enable [Huawei-GigabitEthernet0/0/3] quit 3. Configure the interface (GE0/0/1) connected to the DHCP Server as the trusted interface. [Huawei] interface gigabitethernet 0/0/1 [Huawei-GigabitEthernet0/0/1] dhcp snooping trusted [Huawei-GigabitEthernet0/0/1] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top