< Home

Configuring Alarms Used to Discard Packets

This section describes how to notify the NMS of attacks.

Prerequisites

Before configuring alarms about discarded packets, complete the following tasks:

  • Configure the DHCP server.

  • Configure a DHCP relay agent.

  • Configure the device to discard DHCP reply messages sent by untrusted interfaces.

  • Enable the device to check the DHCP snooping binding table.

  • Enable the device to check CHADDRs of DHCP request messages.

Procedure

  1. Access the system view. 

    system-view

  2. Perform either of the following operations to access a specific view:

    • To access the VLAN view, run:

      vlan vlan-id

    • To access the interface view, run:

      interface interface-type interface-number

  3. Enable the alarm function. 

    dhcp snooping alarm { arp | ip |dhcp-request | dhcp-chaddr | dhcp-reply } enable [ interface interface-type interface-number ]

  4. Set the alarm threshold of the maximum number of discarded packets.

    In the VLAN view, run:

    dhcp snooping alarm { arp | ip | dhcp-request | dhcp-chaddr | dhcp-reply } threshold threshold interface interface-type interface-number

    Or in the interface view, run:

    dhcp snooping alarm { arp | ip |dhcp-request | dhcp-chaddr | dhcp-reply } threshold threshold

Follow-up Procedure

  • Run the display dhcp snooping global command to view global DHCP snooping information.
  • Run the display dhcp snooping { interface interface-type interface-number | vlan vlan-id [ interface interface-type interface-number ] } command to view DHCP snooping information on a specified interface.

If the following results are displayed, the configuration is successful:

  • DHCP snooping is enabled in both the system and interface views.

  • Statistics about the discarded ARP, IP, and DHCP packets are displayed.

Parent Topic: DHCP Snooping
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >