No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
dhcp snooping check dhcp-request enable

dhcp snooping check dhcp-request enable

Function

The dhcp snooping check dhcp-request enable enables the device to check DHCP messages against the DHCP snooping binding table.

The undo dhcp snooping check dhcp-request enable disables the device from checking DHCP messages against the DHCP snooping binding table.

By default, the device does not check DHCP messages against the DHCP snooping binding table.

Format

In the system view:

dhcp snooping check dhcp-request enable vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

undo dhcp snooping check dhcp-request enable vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

In the VLAN view and interface view:

dhcp snooping check dhcp-request enable

undo dhcp snooping check dhcp-request enable

Parameters

Parameter Description Value
vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> Enables the device to check DHCP messages from a specified VLAN against the DHCP snooping binding table. The value is an integer that ranges from 1 to 4094.

Views

System view, VLAN view, GE interface view, MultiGE interface view, XGE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a DHCP snooping binding table is generated, the device checks DHCP Request and Release messages against the binding table. The device forwards only DHCP messages that match binding entries. This prevents unauthorized users from sending bogus DHCP Request or Release messages to extend or release IP addresses.

The matching rules are as follows:

  • When the device receives a DHCP Request message, it performs the following operations:
    1. Checks whether the destination MAC address is all Fs. If so, the device considers the user to have gone online for the first time and directly forwards the message. If not, the device considers the user to have sent the DHCP Request message to renew the IP address lease and checks the DHCP Request message against the DHCP snooping binding table.
    2. Checks whether the CHADDR field in the DHCP Request message matches a DHCP snooping binding entry. If not, the device considers the user to have gone online for the first time and directly forwards the message. If so, the device checks whether the VLAN ID, IP address, and interface number of the message match DHCP snooping binding entries. If all these fields match a DHCP snooping binding entry, the device forwards the message; otherwise, the device discards the message.
  • When receiving a DHCP Release message, the device checks whether the VLAN ID, IP address, MAC address, and interface number of the message match a dynamic DHCP snooping binding entry. If so, the device forwards the message; otherwise, the device discards the message.

Prerequisites

DHCP snooping has been enabled on the device using the dhcp snooping enable command.

Precautions

If you run the dhcp snooping check dhcp-request enable command in the VLAN view, the command takes effect for all the DHCP messages received from the specified VLAN. If you run the dhcp snooping check dhcp-request enable command in the interface view, the command takes effect for all the DHCP messages received on the specified interface.

Example

# Enable the device to check DHCP messages against the DHCP snooping binding table in VLAN 10.

<Huawei> system-view
[Huawei] dhcp enable
[Huawei] dhcp snooping enable
[Huawei] vlan 10
[Huawei-vlan10] dhcp snooping enable
[Huawei-vlan10] dhcp snooping check dhcp-request enable
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 201208

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next