110
snooping considers this request valid and forwards it to the DHCP server. If they are not the same,
DHCP snooping discards the DHCP request.
Examples
# Enable MAC address check for DHCP snooping.
<Sysname> system-view
[Sysname] interface hundredgige 1/0/1
[Sysname-HundredGigE1/0/1] dhcp snooping check mac-address
dhcp snooping check request-message
Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP
snooping.
Use undo dhcp snooping check request-message to disable DHCP-REQUEST check for DHCP
snooping.
Syntax
dhcp snooping check request-message
undo dhcp snooping check request-message
Default
DHCP-REQUEST check for DHCP snooping is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and
DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST
packets from attacking the DHCP server.
With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each
received DHCP-REQUEST message.
• If a match is found, DHCP snooping compares the entry with the message. If they have
consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP
server. If they have different information, DHCP snooping considers the message invalid and
discards it.
• If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] interface hundredgige 1/0/1
[Sysname-HundredGigE1/0/1] dhcp snooping check request-message
dhcp snooping deny
Use dhcp snooping deny to configure a port as DHCP packet blocking port.
Use undo dhcp snooping deny to restore the default.
To Next Page
Loading...
