dhcp snooping trusted (interface view)

Function

The dhcp snooping trusted command configures an interface as a trusted interface.

The undo dhcp snooping trusted command restores the default configuration.

By default, after DHCP snooping is enabled, all interfaces are untrusted interfaces.

Format

dhcp snooping trusted

undo dhcp snooping trusted

Parameters

None

Views

100GE interface view, 10GE interface view, 40GE interface view, Eth-Trunk interface view, FlexE sub-interface view, GE optical interface view, GE electrical interface view, Sub-interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
dhcp write

Usage Guidelines

Usage Scenario

Bogus DHCP servers may send incorrect IP addresses to DHCP clients. As a result, DHCP clients cannot obtain services. To resolve this problem, you can enable DHCP snooping and configure interfaces connected with legitimate DHCP servers trusted. The other interfaces are untrusted by default. The device discards the DHCP reply packets received from untrusted interfaces to prevent bogus DHCP server attacks.

Prerequisites

DHCP snooping has been enabled globally by running the dhcp snooping enable command.

Precautions

After DHCP snooping is enabled, all interfaces are untrusted by default.

When DHCP snooping is disabled, all interfaces are trusted by default.

If an interface is changed from untrusted to trusted, the dynamic DHCP snooping binding table is deleted from the interface.

Example

# Configure GigabitEthernet 0/1/24 as a trusted interface.
<HUAWEI> system-view
[~HUAWEI] dhcp snooping enable
[*HUAWEI] interface GigabitEthernet 0/1/24
[*HUAWEI-GigabitEthernet0/1/24] dhcp snooping enable
[*HUAWEI-GigabitEthernet0/1/24] dhcp snooping trusted
Parent Topic: DHCP Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >