R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)
87
Default
This function is disabled.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE
packets. This function prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the
DHCP server.
With this function enabled, DHCP snooping looks for a matching DHCP snooping entry for each
received DHCP-REQUEST message.
• If a match is found, DHCP snooping compares the entry with the message. If they have consistent
information, DHCP snooping considers the packet valid and forwards it to the DHCP server. If they
have different information, DHCP snooping considers the message invalid and discards it.
• If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] dhcp snooping check request-message
dhcp snooping enable
Use dhcp snooping enable to enable DHCP snooping.
Use undo dhcp snooping enable to disable DHCP snooping.
Syntax
dhcp snooping enable
undo dhcp snooping enable
Default
DHCP snooping is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use the DHCP snooping function together with trusted port configuration. Before trusted ports are
configured, all ports on the DHCP snooping device are untrusted and the device discards all responses
sent from DHCP servers.
When DHCP snooping is disabled, the device forwards all responses from DHCP servers.