Configuring Defense Against Bogus DHCP Server Attacks
Context
After DHCP snooping is enabled and a trusted interface is configured, the device ensures that DHCP clients obtain IP addresses from the authorized DHCP server, which prevents bogus DHCP server attacks. However, the device cannot locate the bogus DHCP server, so the server remains a security risk on the network.
After DHCP server detection is enabled, the DHCP snooping-enabled device checks the DHCP server information carried in DHCP Reply messages, such as the IP address and port number, and records it in the log. The network administrator can then determine from the logs whether bogus DHCP servers exist on the network.
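The log review described above can be automated. The following is an added example, not part of the original document or the vendor's tooling: it compares logged server IP address and port pairs against an inventory of authorized servers. The log layout, the DHCP_SERVER_DETECT keyword, the field names, the reading of "port" as the switch interface that received the reply, and the AUTHORIZED inventory are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample log lines. The layout is an assumption for illustration,
# not the device's real log format.
SAMPLE_LOG = """\
2024-05-01 10:00:01 DHCP_SERVER_DETECT server-ip=10.1.1.1 port=GE0/0/24
2024-05-01 10:00:07 DHCP_SERVER_DETECT server-ip=192.168.1.1 port=GE0/0/3
2024-05-01 10:02:15 DHCP_SERVER_DETECT server-ip=10.1.1.1 port=GE0/0/24
2024-05-01 10:03:40 DHCP_SERVER_DETECT server-ip=192.168.1.1 port=GE0/0/3
2024-05-01 10:04:02 DHCP_SERVER_DETECT server-ip=10.1.1.1 port=GE0/0/7
2024-05-01 10:05:00 LINK_UP port=GE0/0/9
"""

# Authorized servers and the port each is expected on (assumed inventory).
AUTHORIZED = {ipaddress.ip_address("10.1.1.1"): "GE0/0/24"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) DHCP_SERVER_DETECT "
    r"server-ip=(?P<ip>\S+) port=(?P<port>\S+)$"
)

def find_bogus_servers(log_text, authorized):
    """Return {(server_ip, port): {"reason", "count", "first_seen"}}."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a server-detection record
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field
        port = m["port"]
        if ip not in authorized:
            reason = "unknown server IP"
        elif authorized[ip] != port:
            reason = "authorized IP on unexpected port"
        else:
            continue  # authorized server on its expected port
        entry = findings.setdefault(
            (str(ip), port), {"reason": reason, "count": 0, "first_seen": m["ts"]}
        )
        entry["count"] += 1
    return findings

if __name__ == "__main__":
    for key, info in find_bogus_servers(SAMPLE_LOG, AUTHORIZED).items():
        print(key, info)
```

Each finding names the port on which the unexpected server's replies were seen, which is the location information that DHCP snooping alone does not provide.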