< Home

dhcp snooping user-transfer enable

Function

The dhcp snooping user-transfer enable command enables location transition for DHCP snooping users.

The undo dhcp snooping user-transfer enable command disables location transition for DHCP snooping users.

By default, location transition is enabled for DHCP snooping users.

Format

dhcp snooping user-transfer enable

undo dhcp snooping user-transfer enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a mobile user goes online through interface A, goes offline, and then goes online through interface B, the user sends a DHCP Discover message to apply an IP address. By default, if DHCP snooping is enabled on the device, the device allows the user to go online and updates the DHCP snooping binding entries. However, this may bring security risks. For example, if an attacker pretends an authorized user to send a DHCP Discover message, the authorized user cannot access the network after the DHCP snooping binding table is updated. To prevent such attacks, you can disable the DHCP snooping location transition function. After this function is disabled, the device discards the DHCP Discover messages sent by a user who has an entry in the DHCP snooping binding table (user's MAC address exists in the DHCP snooping binding table) through another interface.

Prerequisites

DHCP snooping has been enabled on the device using the dhcp snooping enable command.

Example

# Disable location transition for DHCP snooping users.

<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] dhcp snooping enable
[HUAWEI] undo dhcp snooping user-transfer enable
Parent Topic: DHCP Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >