Prohibit DHCP broadcast packets on S series switch

Publication Date: 2016-11-24
Issue Description
Prohibit DHCP broadcast packets on S series switch.
Solution
ACL rules can be configured on S series switches (except S1700 switches) to deny DHCP broadcast packets on specified interfaces. For example, you can deny DHCP broadcast packets on GE0/0/1 as follows:

1. Create advanced ACL 3001 and configure a rule to deny DHCP broadcast packets.
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule deny udp destination-port eq 67 source-port eq 68 //Configure an ACL rule to deny DHCP broadcast packets.
[Huawei-acl-adv-3001] quit

2. Configure the traffic classifier tc1 to classify packets that match ACL 3001.
[Huawei] traffic classifier tc1
[Huawei-classifier-tc1] if-match acl 3001
[Huawei-classifier-tc1] quit

3. Configure the traffic behavior tb1 to deny packets.
[Huawei] traffic behavior tb1
[Huawei-behavior-tb1] deny
[Huawei-behavior-tb1] quit

4. Define a traffic policy and associate the traffic classifier and traffic behavior with the traffic policy.
[Huawei] traffic policy tp1
[Huawei-trafficpolicy-tp1] classifier tc1 behavior tb1
[Huawei-trafficpolicy-tp1] quit

5. Apply the traffic policy to GE0/0/1.
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-policy tp1 inbound
[Huawei-GigabitEthernet0/0/1] quit
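
The following Python model is an added example, not part of the original article or Huawei's tooling. It evaluates the step 1 rule against constructed packets to show what the policy matches inbound on GE0/0/1. The rule keys on UDP ports 68 to 67 rather than on the destination address, so unicast client-to-server DHCP packets match as well as broadcasts. Function names and sample addresses (192.0.2.0/24) are assumptions made for illustration.

```python
import socket
import struct

# Model of ACL 3001 from step 1: deny udp destination-port eq 67 source-port eq 68
ACL_3001 = {"proto": 17, "src_port": 68, "dst_port": 67}

def build_ipv4_udp(src_ip, dst_ip, sport, dport, payload=b""):
    """Build a minimal unfragmented IPv4+UDP packet (constructed test data, checksums 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp

def parse_ipv4_udp(packet):
    """Return (proto, dst_ip, sport, dport); ports are None when there is no UDP header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes, options included
    proto = packet[9]
    dst_ip = socket.inet_ntoa(packet[16:20])
    if proto != 17 or len(packet) < ihl + 8:
        return proto, dst_ip, None, None
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, dst_ip, sport, dport

def matches_acl_3001(packet):
    """True when protocol and both ports equal the values in the step 1 rule."""
    proto, _dst, sport, dport = parse_ipv4_udp(packet)
    return (proto == ACL_3001["proto"] and sport == ACL_3001["src_port"]
            and dport == ACL_3001["dst_port"])

def inbound_action(packet):
    """tc1 classifies ACL 3001 matches and tb1 denies them; other traffic is not matched."""
    return "deny" if matches_acl_3001(packet) else "not matched"

# Constructed sample packets (documentation address range, not captured traffic)
SAMPLES = {
    "DISCOVER broadcast": build_ipv4_udp("0.0.0.0", "255.255.255.255", 68, 67),
    "renewal REQUEST unicast": build_ipv4_udp("192.0.2.10", "192.0.2.1", 68, 67),
    "server OFFER": build_ipv4_udp("192.0.2.1", "255.255.255.255", 67, 68),
    "DNS query": build_ipv4_udp("192.0.2.10", "192.0.2.53", 40000, 53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26s} -> {inbound_action(pkt)}")
```
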
