No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting the Maximum Number of DHCP Clients

Setting the Maximum Number of DHCP Clients

The maximum number of Dynamic Host Configuration Protocol (DHCP) clients that log in from an interface can be specified.

Usage Scenario

After the number of login clients reaches the maximum number, no client can obtain IP address. To prevent malicious IP address application, configure the maximum number of DHCP clients.

When the number of login users on a DHCP snooping device reaches the maximum number, check whether the IP address of DHCP ACK packets exists in the binding entries and determine whether the login users are new ones. In this case, you can configure the MAC address strict check function. DHCP snooping can determine whether the users are new ones by checking the MAC addresses of the DHCP Discover packets sent by them. If the MAC address of a user does not exist in DHCP snooping binding entries, the user is not allowed to go online, and packets are not sent to the DHCP server. In this manner, the DHCP server is not affected by unauthorized users.

Pre-configuration Tasks

Before you set the maximum number of DHCP clients, configure DHCP snooping and trusted interfaces.

Procedure

  • Configure the maximum number of DHCP clients for a VLAN.
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run dhcp snooping strict-check mac-address

      DHCP snooping is enabled to strictly check the MAC addresses of login users.

    3. Run vlan vlan-id

      The VLAN view is displayed.

    4. Run dhcp snooping max-user-number max-user-number [ interface interface-type interface-number ]

      The maximum number of DHCP clients is configured for the VLAN.

    5. (Optional) Run dhcp snooping alarm user-limit enable [ interface interface-type interface-number ]

      The alarm function for discarded DHCP packets because the maximum number of DHCP clients is reached is enabled for the VLAN.

    6. (Optional) Run dhcp snooping alarm user-limit threshold threshold [ interface interface-type interface-number ]

      The maximum number of DHCP clients is configured for the VLAN.

    7. Run commit

      The configuration is committed.

  • Configure the maximum number of DHCP clients for an interface.
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run dhcp snooping strict-check mac-address

      DHCP snooping is enabled to strictly check the MAC addresses of login users.

    3. Run interface interface-type interface-number

      The interface view is displayed.

    4. Run dhcp snooping max-user-number max-user-number

      The maximum number of DHCP clients is configured for the interface.

    5. (Optional) Run dhcp snooping alarm user-limit enable

      The alarm function for discarded DHCP packets because the maximum number of DHCP clients is reached is enabled for the interface.

    6. (Optional) Run dhcp snooping alarm user-limit threshold threshold-value

      The maximum number of DHCP clients is configured for the interface.

    7. Run commit

      The configuration is committed.

Result

Run the display dhcp snooping { interface interface-type interface-number | vlan vlan-id [ interface interface-type interface-number ] } command to check the maximum number of DHCP clients configured for a VLAN or an interface.
<HUAWEI> display dhcp snooping vlan 10
 dhcp snooping enable
 dhcp snooping check arp enable
 dhcp snooping check ip enable
 dhcp snooping max-user-number 100
 arp total                  0
 ip total                   0
 dhcp-request total         0
 chaddr&src mac total       0
 dhcp-reply total           0                                                   
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 25465

Downloads: 52

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next