
(Optional) Disabling Location Transition for DHCP Snooping Users

Context

When a mobile user connects to the network through interface A and then reconnects through interface B, the user sends a DHCP Discover message to reapply for an IP address. By default, if DHCP snooping is enabled on the device, the device allows the user to go online and updates the DHCP snooping binding entries. However, this poses a security risk. For example, if an attacker pretends to be an authorized user and sends a DHCP Discover message, the authorized user is disconnected after the DHCP snooping binding table is updated. To prevent such attacks, disable the DHCP snooping location transition function. The device then discards a DHCP Discover message sent by a user who already has an entry in the DHCP snooping binding table (that is, a user whose MAC address exists in the table) if the message is received through another interface.

Interface A and interface B must belong to the same VLAN.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run undo dhcp snooping user-transfer enable

    Location transition is disabled for DHCP snooping users.

    By default, location transition is enabled for DHCP snooping users.
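
The following is an added example, not vendor code: a simplified Python model of the decision described in Context, showing what happens to an existing binding when the same MAC address sends a DHCP Discover on another interface, with location transition enabled and disabled. The class and function names, the action labels, the MAC address, VLAN ID and interface names are all constructed for illustration, and keying the table by MAC and VLAN is this model's reading of the same-VLAN condition.

```python
from dataclasses import dataclass, field


@dataclass
class SnoopingDevice:
    """Simplified model (an assumption, not vendor code) of the binding check."""
    user_transfer_enabled: bool = True            # the page states this is the default
    bindings: dict = field(default_factory=dict)  # (mac, vlan) -> interface

    def learn(self, mac, vlan, interface):
        """Record a binding, as after a completed DHCP exchange."""
        self.bindings[(mac, vlan)] = interface

    def on_discover(self, mac, vlan, interface):
        """Return the action taken for a DHCP Discover received on `interface`."""
        bound = self.bindings.get((mac, vlan))
        if bound is None or bound == interface:
            return "forward"                      # new user, or same location
        if self.user_transfer_enabled:
            # Model simplification: the entry moves as soon as the user is let online.
            self.bindings[(mac, vlan)] = interface
            return "forward-and-rebind"           # original user loses the binding
        return "discard"                          # existing binding is preserved


def replay(user_transfer_enabled):
    """Replay constructed events; return (action on second Discover, final interface)."""
    dev = SnoopingDevice(user_transfer_enabled)
    mac, vlan = "00e0-fc12-3456", 10              # constructed sample values
    dev.learn(mac, vlan, "GE0/0/1")               # authorized user on interface A
    action = dev.on_discover(mac, vlan, "GE0/0/2")  # same MAC seen on interface B
    return action, dev.bindings[(mac, vlan)]


if __name__ == "__main__":
    for enabled in (True, False):
        print("user-transfer enabled:", enabled, "->", replay(enabled))
```

With location transition disabled, a legitimate user who really has moved to interface B is also refused in this model until the old entry is gone, which is the trade-off the setting makes.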

Copyright © Huawei Technologies Co., Ltd.