No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Defense Against Bogus DHCP Server Attacks

Configuring Defense Against Bogus DHCP Server Attacks

Context

If a bogus DHCP server is deployed at the user side, STAs may obtain incorrect IP addresses and network configuration parameters, and cannot communicate properly. After the DHCP trusted port is disabled on an RU, the RU considers that a bogus DHCP server is deployed at the user side when receiving DHCP OFFER, ACK, and NAK packets. The RU discards the packets and reports the IP address of the bogus DHCP server to the connected central AP.

In most cases, you need to enable the DHCP trusted port in an RU wired port profile. When receiving DHCP OFFER, ACK, and NAK packets sent by authorized DHCP servers, the RU forwards the packets to STAs so that the STAs can obtain valid IP addresses and go online. For the detailed configuration, see Managing an AP's Wired Interface.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Run:

    undo dhcp trust port

    The DHCP trusted port is disabled on the AP.

    By default, the DHCP trusted interface is disabled in the VAP profile view and enabled on the RU's uplink interface in the AP wired port profile view.

Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 130194

Downloads: 312

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next