DHCP Snooping Management

S12700 and S12700E V200R019C10 NETCONF YANG API Reference

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Data Model
Configuring DHCP Snooping
Configuring an Interface as the Trusted Interface
Disabling DHCP Snooping
Disabling DHCP Snooping on an Interface
Associating ARP with DHCP Snooping
Configuring DHCP Server Detection
Configuring Defense Against Bogus DHCP Message Attacks

Data Model

The data model file matching DHCP snooping is huawei-savi.yang.

Table 2-375 DHCP snooping

Object	Description	Value Range	Remarks
/huawei-dhcp:dhcp-config/dhcpv4-config/enable	Indicates whether the DHCP function is enabled.	The value is of the Boolean type: true: The DHCP function is enabled. false: The DHCP function is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping-global-enable/ipv4-enable	Indicates whether DHCPv4 snooping is enabled globally.	The value is of the Boolean type: true: DHCPv4 snooping is enabled globally. false: DHCPv4 snooping is disabled globally. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping-global-enable/ipv6-enable	Indicates whether DHCPv6 snooping is enabled globally.	The value is of the Boolean type: true: DHCPv6 snooping is enabled globally. false: DHCPv6 snooping is disabled globally. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping-global-enable/arp-detect-enable	Indicates whether association between ARP and DHCP snooping is enabled.	The value is of the Boolean type: true: Association between ARP and DHCP snooping is enabled. false: Association between ARP and DHCP snooping is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping-global-enable/server-detect-enable	Indicates whether DHCP server detection is enabled.	The value is of the Boolean type: true: DHCP server detection is enabled. false: DHCP server detection is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/global-config/alarm-threshold	Indicates the alarm threshold for the number of discarded DHCP snooping messages.	The value is an integer in the range from 1 to 1000.	N/A
/huawei-savi/savi/dhcp-snooping/global-config/max-user-number	Indicates the maximum number of DHCP snooping binding entries to be learned on an interface. The configured value is the total number of DHCP snooping binding entries to be learned on all interfaces on the device.	The value is an integer that varies depending on product models.	N/A
/huawei-savi:savi/dhcp-snooping/snooping-global-enable/packet-flow-log-enable	Indicates whether the function of recording logs when DHCP messages are exchanged is enabled.	The value is of the Boolean type: true: The function of recording logs when DHCP messages are exchanged is enabled. false: The function of recording logs when DHCP messages are exchanged is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/interface-name	Indicates the interface name.	The interface type and number must exist.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/bridge-domain/snooping-enable	Indicates whether DHCP snooping is enabled on BD.	The value is of the Boolean type: true: DHCP snooping is enabled on the BD. false: DHCP snooping is disabled on the BD. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/bridge-domain/snooping-trust-enable	Indicates whether an interface is a trusted BD.	The value is of the Boolean type: true: The BD is a trusted interface. false: The BD is an untrusted interface. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/snooping-enable	Indicates whether DHCP snooping is enabled on an interface.	The value is of the Boolean type: true: DHCP snooping is enabled on the interface. false: DHCP snooping is disabled on the interface. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/snooping-trust-enable	Indicates whether an interface is a trusted interface.	The value is of the Boolean type: true: The interface is a trusted interface. false: The interface is an untrusted interface. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/disable	Indicates whether DHCP snooping is disabled on an interface.	The value is of the Boolean type: true: DHCP snooping is enabled on an interface. false: DHCP snooping is disabled on an interface. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/check-dhcp-request	Indicates whether the device is enabled to check DHCP messages against the DHCP snooping binding table.	The value is of the Boolean type: true: The device is enabled to check DHCP messages against the DHCP snooping binding table. false: The device is disabled from checking DHCP messages against the DHCP snooping binding table. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/alarms/alarm/type	Indicates the DHCP snooping alarm type in the interface.	The value is dhcp-request, dhcp-chaddr, dhcp-reply, or dhcpv6-request.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/alarms/alarm/enable	Indicates whether the DHCP snooping alarm function is enabled in the interface.	The value is of the Boolean type: true: The DHCP snooping alarm function is enabled. false: The DHCP snooping alarm function is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/alarms/alarm/threshold	Indicates the alarm threshold in the interface.	The value is an integer in the range from 1 to 1000.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/max-user-number	Indicates the maximum number of DHCP snooping binding entries to be learned on an interface. The value is the smallest of the values configured in the system view, VLAN view, and interface view.	The value is an integer that varies depending on product models.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/interface/check-dhcp-chaddr	Indicates whether the function of checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field is enabled.	The value is of the Boolean type: true: The function of checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field is enabled. false: The function of checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan/start-vlan-id	Indicates the start VLAN ID.	The value must be the ID of an existing VLAN.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan/end-vlan-id	Indicates the end VLAN ID.	The value must be the ID of an existing VLAN.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan/snooping-enable	Indicates whether DHCP snooping is enabled.	The value is of the Boolean type: true: DHCP snooping is enabled. false: DHCP snooping is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan/check-dhcp-request	Indicates whether the device is enabled to check DHCP messages against the DHCP snooping binding table. In the VLAN view, the device checks all the DHCP messages in the specified VLAN received by all the interfaces on the device.	The value is of the Boolean type: true: The device is enabled to check DHCP messages against the DHCP snooping binding table. false: The device is disabled from checking DHCP messages against the DHCP snooping binding table. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan/max-user-number	Indicates the maximum number of DHCP snooping binding entries to be learned on an interface. The configured value is the largest of the values on all the interfaces added to the specified VLAN.	The value is an integer that varies depending on product models.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan/check-dhcp-chaddr	Indicates whether the function of checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field is enabled. This function takes effect for the DHCP messages in the specified VLAN received by all the interfaces on the device in the vlan.	The value is of the Boolean type: true: The function of checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field is enabled. false: The function of checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field is disabled. The default value is false.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan-and-interface/vlan-id	Indicates the VLAN ID.	The VLAN ID must exist.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan-and-interface/interface-name	Indicates the interface name.	The value must be the type and number of an interface added into the VLAN.	N/A
/huawei-savi/savi/dhcp-snooping/snooping/vlan-and-interface/snooping-trust-enable	Indicates whether an interface is a trusted interface.	The value is of the Boolean type: true: The interface is a trusted interface. false: The interface is an untrusted interface. The default value is false.	N/A
/huawei-savi/savi/savi-config/enable	Indicates whether the SAVI function is enabled.	The value is of the Boolean type: true: The SAVI function is enabled. false: The SAVI function is disabled. The default value is false.	N/A

Configuring DHCP Snooping

This section provides a sample of configuring DHCP snooping using the rpc method.

Table 2-376 Configuring DHCP snooping

Operation	XPATH
rpc	/huawei-savi/savi/dhcp-snooping

Data Requirements

Item	Data	Description
Whether DHCP is enabled	true	Enable the DHCP function.
Whether DHCP snooping is enabled globally	true	Enable the DHCP snooping function globally.
Whether DHCP snooping is enabled on GE1/0/1 connecting to users	true	Enable DHCP snooping on GE1/0/1 connecting to users.
Whether DHCP snooping is enabled in VLAN10 and VLAN11 to which users belong	true	Enable DHCP snooping in VLAN10 and VLAN11 to which users belong. NOTE: Ensure that VLAN10 and VLAN11 have been created.

Request example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <interface>
          <name>GigabitEthernet1/0/1</name>
          <description>savi</description>
          <type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</type>
          <enabled>true</enabled>
        </interface>
      </interfaces>
      <dhcp-config xmlns="urn:huawei:params:xml:ns:yang:huawei-dhcp">
        <dhcpv4-config>
          <enable>true</enable>
        </dhcpv4-config>
      </dhcp-config>
      <savi xmlns="urn:huawei:params:xml:ns:yang:huawei-savi">
        <dhcp-snooping>
          <snooping-global-enable>
              <ipv4-enable>true</ipv4-enable>
          </snooping-global-enable>
          <snooping>
            <interface>
              <interface-name>GigabitEthernet1/0/1</interface-name>
              <snooping-enable>true</snooping-enable>
           </interface>
           <vlan>
               <start-vlan-id>10</start-vlan-id>
               <end-vlan-id>11</end-vlan-id>
               <snooping-enable>true</snooping-enable>
            </vlan>
         </snooping>
        </dhcp-snooping>
      </savi>
    </config>
  </edit-config>
</rpc>

Response example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Service process failed.</error-message>
    <error-info>Error on node /huawei-savi/savi/dhcp-snooping/snooping/interface[interface-name="GigabitEthernet1/0/1"]/snooping-enable</error-info>
  </rpc-error>
</rpc-reply>

Configuring an Interface as the Trusted Interface

This section provides a sample of configuring interface as the trusted interface using the merge method.

Table 2-377 Configuring an Interface as the Trusted Interface

Operation	XPATH
rpc	/huawei-savi/savi/dhcp-snooping

Data Requirements

Item	Data	Description
Whether DHCP is enabled	true	Enable the DHCP function.
Whether DHCP snooping is enabled globally	true	Enable the DHCP snooping function globally.
Trusted status of GE1/0/2 connecting to servers	true	Configure GE1/0/2 connecting to servers as the trusted interface.
Trusted status of GE1/0/3 connecting to servers and added in VLAN13	true	Configure GE1/0/3 connecting to servers as the trusted interface.

Request example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface>
          <if:name>GigabitEthernet1/0/2</if:name>
           <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
           <if:enabled>true</if:enabled>
         </if:interface>
      </if:interfaces>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
       <if:interface>
         <if:name>GigabitEthernet1/0/3</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
          <if:enabled>true</if:enabled>
        </if:interface>
      </if:interfaces>
      <hw-dhcp:dhcp-config xmlns:hw-dhcp="urn:huawei:params:xml:ns:yang:huawei-dhcp">
        <hw-dhcp:dhcpv4-config>
          <hw-dhcp:enable>true</hw-dhcp:enable>
        </hw-dhcp:dhcpv4-config>
      </hw-dhcp:dhcp-config>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:dhcp-snooping>
          <hw-savi:snooping-global-enable>
            <hw-savi:ipv4-enable>true</hw-savi:ipv4-enable>
          </hw-savi:snooping-global-enable>
          <hw-savi:snooping>
            <hw-savi:interface>
              <hw-savi:interface-name>GigabitEthernet1/0/2</hw-savi:interface-name>
              <hw-savi:snooping-trust-enable>true</hw-savi:snooping-trust-enable>
            </hw-savi:interface>
            <hw-savi:vlan-and-interface>
              <hw-savi:vlan-id>13</hw-savi:vlan-id>
              <hw-savi:interface-name>GigabitEthernet1/0/3</hw-savi:interface-name>
              <hw-savi:snooping-trust-enable>true</hw-savi:snooping-trust-enable>
            </hw-savi:vlan-and-interface>
          </hw-savi:snooping>
        </hw-savi:dhcp-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Service process failed.</error-message>
    <error-info>Error on node /huawei-savi/savi/dhcp-snooping/snooping/interface[interface-name="GigabitEthernet1/0/2"]/snooping-trust-enable</error-info>
  </rpc-error>
</rpc-reply>

Disabling DHCP Snooping

This section provides a sample of disabling the DHCP snooping function using the rpc method.

Table 2-378 Disabling DHCP snooping

Operation	XPATH
rpc	/huawei-savi/savi/dhcp-snooping

Data Requirements

Item	Data	Description
Whether DHCP snooping is enabled globally	false	Disable DHCP snooping.

Request example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:dhcp-snooping>
          <hw-savi:snooping-global-enable>
            <hw-savi:ipv4-enable>false</hw-savi:ipv4-enable>
          </hw-savi:snooping-global-enable>
        </hw-savi:dhcp-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Service process failed.</error-message>
    <error-info>Error on node /huawei-savi/savi/dhcp-snooping/snooping/interface[interface-name="GigabitEthernet1/0/1"]/snooping-enable</error-info>
  </rpc-error>
</rpc-reply>

Disabling DHCP Snooping on an Interface

This section describes how to disable DHCP snooping on an interface using the rpc method.

Table 2-379 Disabling DHCP snooping on an interface

Operation	XPATH
rpc	/huawei-savi/savi/dhcp-snooping/snooping/interface/interface-name /huawei-savi/savi/dhcp-snooping/snooping/interface/snooping-trust-enable

Data Requirements

Item	Data	Description
Interface	GE1/0/1	Disable DHCP snooping on GE1/0/1.
Whether DHCP snooping is disabled	true	Disable DHCP snooping on GE1/0/1.

Request Example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <interface>
          <name>GigabitEthernet1/0/1</name>
          <description>savi</description>
          <type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</type>
          <enabled>true</enabled>
        </interface>
      </interfaces>
      <hw-savi:dhcp-config xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-dhcp">
        <hw-savi:dhcpv4-config>
          <hw-savi:enable>true</hw-savi:enable>
        </hw-savi:dhcpv4-config>
      </hw-savi:dhcp-config>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:dhcp-snooping xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-savi:snooping-global-enable>
              <hw-savi:ipv4-enable>true</hw-savi:ipv4-enable>
          </hw-savi:snooping-global-enable>
          <hw-savi:snooping>
            <hw-savi:interface>
              <hw-savi:interface-name>GigabitEthernet1/0/1</hw-savi:interface-name>
              <hw-savi:disable>true</hw-savi:disable>
           </hw-savi:interface>
         </hw-savi:snooping>
        </hw-savi:dhcp-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Please enable DHCP snooping in the global view first.</error-message>
    <error-info>Error on node /huawei-savi:savi/dhcp-snooping/snooping/interface/disable</error-info>
  </rpc-error>
</rpc-reply>

Associating ARP with DHCP Snooping

This section describes how to associate ARP with DHCP snooping using the rpc method.

Table 2-380 Associating ARP with DHCP snooping

Operation	XPATH
rpc	/huawei-savi/savi/dhcp-snooping/snooping-global-enable/arp-detect-enable

Data Requirements

Item	Data	Description
Associating ARP with DHCP snooping	true	Enable association between ARP and DHCP snooping.

Request Example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-savi:dhcp-config xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-dhcp">
        <hw-savi:dhcpv4-config>
          <hw-savi:enable>true</hw-savi:enable>
        </hw-savi:dhcpv4-config>
      </hw-savi:dhcp-config>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:dhcp-snooping xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-savi:snooping-global-enable>
              <hw-savi:ipv4-enable>true</hw-savi:ipv4-enable>
              <hw-savi:arp-detect-enable>true</hw-savi:arp-detect-enable>
          </hw-savi:snooping-global-enable>
        </hw-savi:dhcp-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Please enable DHCP snooping in the global view first.</error-message>
    <error-info>Error on node /huawei-savi:savi/dhcp-snooping/snooping-global-enable/arp-detect-enable</error-info>
  </rpc-error>
</rpc-reply>

Configuring DHCP Server Detection

This section describes how to configure DHCP server detection using the rpc method.

Table 2-381 Configuring DHCP server detection

Operation	XPATH
rpc	/huawei-savi/savi/dhcp-snooping/snooping-global-enable/server-detect-enable

Data Requirements

Item	Data	Description
DHCP server detection	true	Enable DHCP server detection.

Request Example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-savi:dhcp-config xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-dhcp">
        <hw-savi:dhcpv4-config>
          <hw-savi:enable>true</hw-savi:enable>
        </hw-savi:dhcpv4-config>
      </hw-savi:dhcp-config>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:dhcp-snooping xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-savi:snooping-global-enable>
              <hw-savi:ipv4-enable>true</hw-savi:ipv4-enable>
              <hw-savi:server-detect-enable>true</hw-savi:server-detect-enable>
          </hw-savi:snooping-global-enable>
        </hw-savi:dhcp-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Please enable DHCP snooping in the global view first.</error-message>
    <error-info>Error on node /huawei-savi:savi/dhcp-snooping/snooping-global-enable/server-detect-enable</error-info>
  </rpc-error>
</rpc-reply>

Configuring Defense Against Bogus DHCP Message Attacks

This section describes how to configure defense against bogus DHCP message attacks using the rpc method.

Table 2-382 Configuring defense against bogus DHCP message attacks

Operation	XPATH
rpc	/huawei-savi/savi/dhcp-snooping/snooping/vlan/start-vlan-id /huawei-savi/savi/dhcp-snooping/snooping/vlan/check-dhcp-request /huawei-savi/savi/dhcp-snooping/snooping/vlan/check-dhcp-chaddr /huawei-savi/savi/dhcp-snooping/snooping/interface/interface-name /huawei-savi/savi/dhcp-snooping/snooping/interface/alarm/type /huawei-savi/savi/dhcp-snooping/snooping/interface/alarm/enable /huawei-savi/savi/dhcp-snooping/snooping/interface/alarm/threshold

Operation

XPATH

rpc

/huawei-savi/savi/dhcp-snooping/snooping/vlan/start-vlan-id
/huawei-savi/savi/dhcp-snooping/snooping/vlan/check-dhcp-request
/huawei-savi/savi/dhcp-snooping/snooping/vlan/check-dhcp-chaddr
/huawei-savi/savi/dhcp-snooping/snooping/interface/interface-name
/huawei-savi/savi/dhcp-snooping/snooping/interface/alarm/type
/huawei-savi/savi/dhcp-snooping/snooping/interface/alarm/enable
/huawei-savi/savi/dhcp-snooping/snooping/interface/alarm/threshold

Data Requirements

Item	Data	Description
VLAN	VLAN10	Enable the function of checking DHCP messages against the DHCP snooping binding table and the function of checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field in VLAN 10. Configure the device to generate an alarm when the number of DHCPv4 request messages discarded on GE1/0/1 because these messages do not match the DHCP snooping binding table reaches the threshold.
Checking DHCP messages against the DHCP snooping binding table	true
Checking whether the source MAC address in a DHCP Request packet header is the same as the CHADDR field	true
Interface	GE1/0/1
DHCP snooping alarm type	dhcp-request
DHCP snooping alarm function	true
Alarm threshold for the number of discarded DHCP snooping messages	200

Request Example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <vlans xmlns="urn:huawei:params:xml:ns:yang:huawei-vlan" xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:operation="merge">
         <vlan>
           <id>10</id>
        </vlan>
      </vlans>
      <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <interface>
          <name>GigabitEthernet1/0/1</name>
          <description>savi</description>
          <type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</type>
          <enabled>true</enabled>
        </interface>
      </interfaces>
      <hw-savi:dhcp-config xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-dhcp">
        <hw-savi:dhcpv4-config>
          <hw-savi:enable>true</hw-savi:enable>
        </hw-savi:dhcpv4-config>
      </hw-savi:dhcp-config>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:dhcp-snooping xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-savi:snooping-global-enable>
              <hw-savi:ipv4-enable>true</hw-savi:ipv4-enable>
          </hw-savi:snooping-global-enable>
          <hw-savi:snooping>
           <hw-savi:vlan>
              <hw-savi:start-vlan-id>10</hw-savi:start-vlan-id>
              <hw-savi:check-dhcp-request>true</hw-savi:check-dhcp-request>
              <hw-savi:check-dhcp-chaddr>true</hw-savi:check-dhcp-chaddr>
           </hw-savi:vlan>
            <hw-savi:interface>
              <hw-savi:interface-name>GigabitEthernet1/0/1</hw-savi:interface-name>
                <hw-savi:alarm>
                  <hw-savi:type>dhcp-request</hw-savi:type>
                  <hw-savi:enable>true</hw-savi:enable>
                  <hw-savi:threshold>200</hw-savi:threshold>
               </hw-savi:alarm>
           </hw-savi:interface>
         </hw-savi:snooping>
        </hw-savi:dhcp-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Please enable DHCP snooping in the global view first.</error-message>
    <error-info>Error on node /huawei-savi:savi/dhcp-snooping/snooping/vlan/check-dhcp-request</error-info>
  </rpc-error>
</rpc-reply>

Data Model
Configuring DHCP Snooping
Configuring an Interface as the Trusted Interface
Disabling DHCP Snooping
Disabling DHCP Snooping on an Interface
Associating ARP with DHCP Snooping
Configuring DHCP Server Detection
Configuring Defense Against Bogus DHCP Message Attacks

Translation

简体中文

Download

Updated: 2022-05-25

Document ID: EDOC1100126933

Downloads: 83

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.

Data Model

Configuring DHCP Snooping

Data Requirements

Request example

Response example

Configuring an Interface as the Trusted Interface

Data Requirements

Request example

Response example

Disabling DHCP Snooping

Data Requirements

Request example

Response example

Disabling DHCP Snooping on an Interface

Data Requirements

Request Example

Response Example

Associating ARP with DHCP Snooping

Data Requirements

Request Example

Response Example

Configuring DHCP Server Detection

Data Requirements

Request Example

Response Example

Configuring Defense Against Bogus DHCP Message Attacks

Data Requirements

Request Example

Response Example

Related Version

Related Documents

Digital Signature File