Dhcp, Nooping, Roubleshooting – QTECH QSW-2800 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

233

port 1/1 of the switch. It operates via DHCP Client, IP 1.1.1.5; DHCP Server and GateWay are

connected to the trusted ports 1/11 and 1/12 of the switch; the malicious user Mac-BB is

connected to the non-trusted port 1/10, trying to fake a DHCP Server (by sending DHCPACK) .

Setting DHCP Snooping on the switch will effectively detect and block this kind of network

attack.

Configuration sequence is:

switch#

switch#config

switch(config)#ip dhcp snooping enable

switch(config)#interface ethernet 1/11

switch(Config-If-Ethernet1/11)#ip dhcp snooping trust

switch(Config-If-Ethernet1/11)#exit

switch(config)#interface ethernet 1/12

switch(Config-If-Ethernet1/12)#ip dhcp snooping trust

switch(Config-If-Ethernet1/12)#exit

switch(config)#interface ethernet 1/1-10

switch(Config-Port-Range)#ip dhcp snooping action shutdown

switch(Config-Port-Range)#

32.4 DHCP Snooping

Troubleshooting Help

32.4.1 Monitor and Debug Information

The “debug ip dhcp snooping” command can be used to monitor the debug information.

32.4.2 DHCP Snooping Troubleshooting Help

If there is any problem happens when using DHCP Snooping function, please check if the

problem is caused by the following reasons:

Check that whether the global DHCP Snooping is enabled;

If the port does not react to invalid DHCP Server packets, please check that whether the port is

set as a non-trusted port of DHCP Snooping.