DHCP Snooping Configuration

DHCP Snooping Overview

This section describes the basic concepts of Dynamic Host Configuration Protocol (DHCP) snooping.

Configuration Precautions for DHCP snooping

Configuring Defense Against Bogus DHCP ServerAttacks

This section describes how to configure defense against bogus Dynamic Host Configuration Protocol (DHCP) server attacks.

Configuring Defense Against Man-in-the-Middle Attacks and IP/MAC Address Spoofing

This section describes how to configure the IP/MAC address binding and Option 82 functions to prevent man-in-the-middle attacks and IP/MAC address spoofing.

Preventing DoS Attacks by Changing the CHADDRField

This section describes how to prevent attackers from attacking the Dynamic Host Configuration Protocol (DHCP) server by modifying the client hardware address (CHADDR) field.

Configuring Defense Against DHCP Exhaustion Attacks

This section describes how to prevent the attackers from attacking the Dynamic Host Configuration Protocol (DHCP) server by forging the DHCP packets for extending IP address leases.

Setting the Maximum Number of DHCP Clients

The maximum number of Dynamic Host Configuration Protocol (DHCP) clients that log in from an interface can be specified.

Configuring the DHCP Snooping Packet Sending Method

Configuring DHCP Snooping Whitelists

This section describes how to configure the whitelist function for DHCP snooping so that DHCP packets are filtered based on the whitelist rules.

Configuring DHCP Snooping Binding Table Maintenance

Dynamic Host Configuration Protocol (DHCP) snooping binding table maintenance allows the device to delete, back up, and transfer the DHCP binding table.

Maintaining DHCP Snooping

This section describes how to delete statistics on Dynamic Host Configuration Protocol (DHCP) snooping globally.

Configuration Examples for DHCP Snooping

This section provides configuration examples for configurations related to Dynamic Host Configuration Protocol (DHCP) snooping.