No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring DHCP Snooping Whitelists

Configuring DHCP Snooping Whitelists

This section describes how to configure the whitelist function for DHCP snooping so that DHCP packets are filtered based on the whitelist rules.

Usage Scenario

Generally, only the trusted and untrusted functions of DHCP snooping can be used to control DHCP packets to be sent to the CPU. On the trusted interface, DHCP request and response packets are sent to the CPU. On the untrusted interface, only request packets are sent to the CPU, and response packets are dropped. To accurately control packets to be sent to the CPU on a trusted client or server, configure the whitelist function for DHCP snooping so that DHCP packets are filtered based on the whitelist rules. After a whitelist is configured for DHCP snooping, only DHCP packets matching the whitelist rules are sent to the CPU, and the DHCP packets that do not match the whitelist rules are simply forwarded. This protects the device against attacks.

This feature is supported only on the Admin-VS.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable DHCP snooping.
  2. Create a whitelist.
  3. Configure whitelist rules.
  4. Apply the whitelist.

Procedure

  1. Enable DHCP snooping.

    1. Run system-view

      The system view is displayed.

    2. Run dhcp snooping enable

      DHCP snooping is enabled globally.

  2. Create a whitelist.

    Run dhcp snooping packet whitelist whitelist-name

    A whitelist is configured to filter DHCP packets.

  3. Configure whitelist rules.

    1. Run dhcp packet-rule ruleid { source-ip source-ip-address { source-ip-mask | source-ip-mask-length } | destination-ip destination-ip-address { destination-ip-mask | destination-ip-mask-length } } * [ source-port { bootpc | bootps } ] [ destination-port { bootpc | bootps } ]

      Whitelist rules are configured.

    2. Run commit

      The configuration is committed.

    3. Run quit

      Return to the system view.

  4. Apply the whitelist.

    1. Run dhcp snooping apply packet whitelist whitelist-name

      The whitelist is applied to filter DHCP packets.

    2. Run commit

      The configuration is committed.

Checking the Configurations

After the configuration is complete, run the display dhcp snooping white-list [ rule-id rule-id ] [ slot slot-id ] statistics command to check statistics about packets matching a DHCP snooping whitelist rule.

<HUAWEI> display dhcp snooping white-list slot 1 statistics
White-list statistics details:
     Slot             Rule-id             Packets               Bytes
-----------------------------------------------------------------------------------
        1                   1                   0                   0
        1                   2                   0                   0
        1                   3                   0                   0
-----------------------------------------------------------------------------------
    Total                   -                   0                   0  
-----------------------------------------------------------------------------------
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 19701

Downloads: 39

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next