No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
dhcp snooping alarm enable

dhcp snooping alarm enable

Function

The dhcp snooping alarm enable command enables alarm for discarded DHCP messages.

The undo dhcp snooping alarm enable command disables alarm for discarded DHCP messages.

By default, the alarm function for discarded DHCP messages is disabled.

Format

dhcp snooping alarm { dhcp-request | dhcp-chaddr | dhcp-reply } enable [ threshold threshold ]

undo dhcp snooping alarm { dhcp-request | dhcp-chaddr | dhcp-reply } enable [ threshold ]

Parameters

Parameter Description Value
dhcp-request Generates an alarm when the number of DHCPv4 Request messages discarded because they do not match DHCP snooping binding entries reaches the threshold. -
dhcp-chaddr Generates an alarm when the number of DHCPv4 request messages discarded because the CHADDR field in the DHCP messages does not match the source MAC address in the data frame header reaches the threshold. -
dhcp-reply Generates an alarm when the number of DHCPv4 Response messages discarded by untrusted interfaces reaches the threshold. -
threshold threshold Specifies the alarm threshold. When the number of discarded DHCPv4 messages reaches the threshold, an alarm is generated. The value is an integer that ranges from 1 to 1000.

Views

GE interface view, MultiGE interface view, XGE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the alarm function is enabled, alarm messages are displayed if DHCP attacks occur and the number of discarded attack messages reaches the threshold. The minimum interval for sending alarm messages is 1 minute. You can run the dhcp snooping alarm threshold command to set the alarm threshold.

Prerequisites

DHCP snooping has been enabled on the device using the dhcp snooping enable command.

Precautions

By default, a device does not check messages received by the clients. Therefore, to make the command take effect, ensure the following is ready:
  • The device has been enabled to check DHCP messages against the binding entries using the dhcp snooping check dhcp-request enable command before the dhcp snooping alarm [ dhcp-request enable command is run.
  • The device has been enabled to check whether the CHADDR field is the same as the source MAC address in the header of a DHCPv4 Request message using the dhcp snooping check dhcp-chaddr enable command before the dhcp snooping alarm dhcp-chaddr enable command is run.

To ensure that alarms can be properly reported, you need to run the snmp-agent trap enable feature-name dhcp command to enable the DHCP module to report the corresponding alarm. You can check whether the DHCP module is enabled to report the corresponding alarm using the display snmp-agent trap feature-name dhcp all command.

Example

# On GE0/0/1, enable DHCP snooping, enable the device to check whether the CHADDR field in the DHCP message matches the source MAC address in the Ethernet frame header, and enable alarm for the DHCP messages discarded because the CHADDR field in the DHCP message does not match the source MAC address.

<Huawei> system-view
[Huawei] dhcp enable
[Huawei] dhcp snooping enable
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] dhcp snooping enable
[Huawei-GigabitEthernet0/0/1] dhcp snooping check dhcp-chaddr enable
[Huawei-GigabitEthernet0/0/1] dhcp snooping alarm dhcp-chaddr enable
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 195343

Downloads: 118

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next