No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S9300, S9300E, and S9300X V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
All Users Cannot Obtain IP Address after DHCP Snooping Is Enabled

All Users Cannot Obtain IP Address after DHCP Snooping Is Enabled

Fault Description

The possible causes are as follows:
  • The interface connected to the DHCP server is not configured as the trusted interface.
  • After DHCP snooping is enabled globally, DHCP snooping is not enabled on the interface connecting to users or in the VLAN to which the interface belongs.

Procedure

  1. Check whether the interface connected to the DHCP server is in a correct state.
    1. Run the display dhcp snooping configuration and display dhcp snooping [ interface interface-type interface-number | vlan vlan-id ] commands to check in which VLANs and on which interfaces DHCP snooping is enabled and whether "Trusted interface: Yes" is displayed for the interface connected to the DHCP server.

      By default, an interface is in the untrusted state. When receiving messages from the network-side interfaces, the device processes only the DHCP reply messages received on the trusted interface and discards those on untrusted interfaces. When receiving messages from user-side interfaces, the device forwards the messages only to the trusted interface.

    2. Check whether the interface connected to the DHCP server is a trusted interface. If it is not a trusted interface, run the dhcp snooping trusted command in the VLAN or interface view to configure the interface as a trusted interface.

      When DHCP snooping is enabled on a DHCP relay agent, a trusted interface does not need to be configured on the DHCP relay agent. After receiving DHCP Request messages from users, the DHCP relay agent converts the source/destination IP addresses and MAC addresses, and forwards the messages to the valid DHCP server in unicast mode. Therefore, the DHCP ACK messages received by the DHCP relay agent are valid, and the DHCP snooping binding entries generated by the DHCP relay agent are correct.

  2. If the interface status is correct, check whether DHCP snooping is enabled on the interface connected to users or the VLAN to which the interface belongs.
    1. Run the display dhcp snooping configuration and display dhcp snooping [ interface interface-type interface-number | vlan vlan-id ] commands to check whether DHCP snooping is enabled on the interface connected to users or the VLAN to which the interface belongs.
    2. DHCP snooping should be enabled on the interface connected to users or VLAN to which the interface belongs. If it is not enabled, run the dhcp snooping enable command in the VLAN or interface view to enable it.
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178410

Views: 125957

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next