Configuring unauthorized dhcp server detection, Configuring dhcp snooping to support option 82 – H3C Technologies H3C S3100 Series Switches User Manual

3-7

Configuring Unauthorized DHCP Server Detection

Only the S3100-SI series among S3100 series switches support the unauthorized DHCP server

detection.

Follow these steps to configure unauthorized DHCP server detection:

Operation

Command

Description

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type
interface-number

—

Enable unauthorized DHCP
server detection

dhcp-snooping server-guard
enable

Required

Disabled by default.

Specify the method for handling
unauthorized DHCP servers

dhcp-snooping server-guard
method { trap | shutdown }

Optional

By default, the handling method
is trap.

Return to system view

quit

—

Specify a source MAC address
for DHCP-DISCOVER
messages sent by the snooping
device

dhcp-snooping server-guard
source-mac mac-address

Optional

By default, the source MAC
address of DHCP-DISCOVER
messages is the bridge MAC
address of the switch.

Display information about
unauthorized DHCP servers

display dhcp-snooping
server-guard

Available in any view

z

You need to enable DHCP snooping before enabling unauthorized DHCP server detection.

z

Do not configure unauthorized DHCP server detection on a member port of a link aggregation

group.

z

Currently, after specifying the source MAC address for DHCP-DISCOVER messages on an

S3100-SI series switch, you cannot use the VLAN-VPN tunnel function at the same time, and vice

versa. In addition, after you specify the source MAC address for DHCP-DISCOVER messages, the

IGMP snooping function cannot learn router interfaces through PIM messages. For information

about router interfaces, refer to Multicast Operation.

Configuring DHCP Snooping to Support Option 82