No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S9300, S9300E, and S9300X V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Some Users Cannot Obtain IP Addresses after DHCP Snooping Is Enabled

Some Users Cannot Obtain IP Addresses after DHCP Snooping Is Enabled

Fault Description

The possible causes are as follows:
  • The number of DHCP clients connected to the user-side interface has reached the maximum value.
  • The transmission rate of DHCP messages has exceeded the upper limit and DHCP messages from new DHCP clients are being discarded.

Procedure

  1. Check whether the number of access DHCP users has reached the threshold.
    1. Run the display dhcp snooping [ interface interface-type interface-number | vlan vlan-id ] command to check whether "Dhcp user max number: XX" is displayed globally, in the VLAN, or on the user-side interface.

      By default, a maximum of 32768 DHCP snooping binding entries can be learned on an interface.

    2. Run the display dhcp snooping user-bind all command to view the number of dynamic DHCP snooping entries on the DHCP snooping-enabled interface. If the number of entries on the interface has reached the maximum value, new DHCP clients cannot access the network.

      To increase the maximum value of DHCP access users, run the dhcp snooping max-user-number max-number command.

  2. If the number of access DHCP users has not reached the threshold, check whether the transmission rate of DHCP messages has exceeded the upper limit.
    1. Run the display dhcp snooping [ interface interface-type interface-number | vlan vlan-id ] command to check whether "Dhcp-rate limit(pps): xx" is displayed globally, in the VLAN, or on the user-side interface.

      If "Dhcp-rate limit(pps): xx" is not displayed, the default rate limit is 100 pps. The configured value takes preference.

    2. If DHCP users cannot access the network because the DHCP snooping rate limit is low, run the dhcp snooping check dhcp-rate rate command in the system view, interface view, and VLAN view to increase the rate limit values.
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178410

Views: 126776

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next