How to enable DHCP snooping on a WLAN device

12

DHCP snooping is a DHCP security feature. To configure DHCP snooping security functions, enable DHCP snooping first.

For ACs, you must enable DHCP snooping in the system view and then on an interface or in a VLAN. The operations are as follows:

1. Run the dhcp snooping enable [ ipv4 | ipv6 ] command in the system view to enable DHCP snooping globally.

2. Enable DHCP snooping in the system view, interface view, or VLAN view.

- Run the dhcp snooping enable vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> command to enable DHCP snooping.

- Run the vlan vlan-id command to enter the VLAN view, or run the interface interface-type interface-number command to enter the interface view.

- Run the dhcp snooping enable command to enable DHCP snooping on the interface or in the VLAN.

DHCP snooping is enabled on Fat APs by default.

Other related questions:
How to enable the web function on WLAN devices
The procedure for enabling the web function on WLAN devices is similar. The AC is used as an example:
1. Log in to the AC through the console port or Telnet.
2. Configure the management IP address.
[AC6605] vlan 10
[AC6605-vlan10] quit
[AC6605] interface Vlanif 10 // Configure VLANIF 10 as the management interface.
[AC6605-Vlanif10] ip address 192.168.200.161 24 //Configure the IP address of the web platform.
[AC6605-Vlanif10] quit
[AC6605] interface gigabitethernet 0/0/1 //GE0/0/1 is the number of the physical interface that connects the AC and PC using the web platform to log in to the AC. Set this parameter based on network situations. 
[AC6605-GigabitEthernet0/0/1] port link-type trunk
[AC6605-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[AC6605-GigabitEthernet0/0/1] quit
3. Enable the HTTP or HTTPS service.
   - Enable the HTTP service.
   [AC6605] http server enable //The HTTP service is enabled by default.
   - Enable the HTTPS service.
   [AC6605] http secure-server enable //The HTTPS service is enabled by default.
4. Configure the web platform users.
[AC6605] aaa
[AC6605-aaa] local-user admin password irreversible-cipher Helloworld@6789
[AC6605-aaa] local-user admin privilege level 15
[AC6605-aaa] local-user admin service-type http
[AC6605-aaa] quit
5. Log in to the web platform.
Open the web browser on your PC, and enter http://192.168.200.161 (IP address configured in Step 2) in the address box. Press Enter. The web platform login page is displayed.

How to enable or disable interfaces of a WLAN device
If parameters of an interface are modified but the new configuration does not take effect immediately, you can use the shutdown command to shut down the interface and then use the undo shutdown command to start it (running the shutdown and undo shutdown commands is equivalent to running the restart command). The modified parameters will then take effect. Perform the following steps to disable an interface of a WLAN device: 1. Run the system-view command to enter the system view. 2. Run the interface interface-type interface-number command in the system view to enter the specified interface view. 3. Run the shutdown command in the interface view to disable the interface. By default, an interface is enabled. Note: - Data frames may be lost or services may be interrupted if you disable an interface during data transmission. Exercise caution when you use the shutdown command. - If you run the shutdown command in the Eth-Trunk interface view, all the member interfaces of the Eth-Trunk are disabled. - A null interface is always Up and cannot be enabled or disabled through commands. - A loopback interface is always Up and cannot be enabled or disabled through commands. Perform the following steps to enable an interface of a WLAN device: 1. Run the system-view command to enter the system view. 2. Run the interface interface-type interface-number command in the system view to enter the specified interface view. 3. Run the undo shutdown command in the interface view to enable the interface. By default, an interface is enabled.

Impact of DHCP snooping on other data packets on S series switch
For S series switches (except S1700 switches), the DHCP snooping function ensures that DHCP clients obtain IP addresses from authorized DHCP servers and records mappings between IP addresses and MAC addresses of DHCP clients, preventing DHCP attacks on the network. When DHCP attacks occur, a switch configured with DHCP Snooping discards attack packets while forwarding valid packets.

How to enable the Telnet server function for a WLAN device
By default, the Telnet server function is enabled for WLAN devices of V200R003 and earlier versions and disabled for WLAN devices of V200R005 and later versions. Run the telnet server enable command to enable the Telnet server function. For a Fit AP, if it has gone online on an AC, run the telnet enable command in the AP profile view of the AC to enable the Telnet service for this Fit AP.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top