dhcp snooping packet whitelist

Function

The dhcp snooping packet whitelist command creates a whitelist for DHCP packets.

The undo dhcp snooping packet whitelist command deletes a whitelist for DHCP packets.

By default, no whitelist is created, and packets are not filtered based on whitelists.

Format

dhcp snooping packet whitelist whitelist-name

undo dhcp snooping packet whitelist whitelist-name

Parameters

Parameter Description Value
whitelist-name

Specifies a whitelist name.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. The value can be any combination of letters, digits, dots (.), or underscores (_).

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
dhcp write

Usage Guidelines

Usage Scenario

DHCP snooping whitelist is used on the AC and network sides of the UPE to filter DHCP packets to be sent to the CPU. After DHCP snooping is enabled, run the dhcp snooping packet whitelist command to create a whitelist. Only DHCP packets listed in the whitelist are sent to the CPU, and the DHCP packets not listed in the whitelist are simply forwarded. This protects the device against attacks.

Precautions

Note the following:

  • A maximum of eight whitelists can be configured for each VS.
  • If a whitelist has been applied, you must run the undo dhcp snooping apply packet whitelist command to cancel the application of the whitelist before deleting it.
  • To make a whitelist take effect, you must run the dhcp snooping enable command to enable DHCP snooping globally after the whitelist is applied.
  • In VS mode, this command is supported only by the admin VS.

Example

# Create the whitelist named whitelist1.
<HUAWEI> system-view
[~HUAWEI] dhcp snooping enable
[*HUAWEI] dhcp snooping packet whitelist whitelist1
Parent Topic: DHCP Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >