< Home

dhcp snooping trusted

Function

The dhcp snooping trusted command sets the status of a Layer-3 interface or a VLAN to trusted.

The undo dhcp snooping trusted command sets the status of a Layer-3 interface or a VLAN to untrusted.

Format

dhcp snooping trusted [ interface interface-type interface-number ]

undo dhcp snooping trusted [ interface interface-type interface-number ]

Parameters

Parameter Description Value
interface interface-type interface-number Specifies the type and number of an interface. It can be configured only in the VLAN view.

Views

Interface view and VLAN view

Default Level

2: Configuration level

Usage Guidelines

Discard the DHCP reply (Offer, ACK and NAK) messages received from untrusted interface to avoid the attack from the bogus DHCP server.

The interface information is optional. If the status of interface is not set as trusted and the status of VLAN is set as trusted, the reply messages from the VLAN are forwarded normally.

By default, when DHCP snooping is disabled, the status of a Layer-3 interface or a VLAN is trusted.

By default, when DHCP snooping is enabled, the status of a Layer-3 interface or a VLAN is untrusted.

Example

# Set the status of Vlanif 1 to trusted.

<sysname> system-view
[sysname] interface Vlanif 1
[sysname-Vlanif1] dhcp snooping trusted
Parent Topic: DHCP Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >