Block third-party DHCP servers on the Huawei Quidway S2300

I will give an example of how on the Huawei Quidway S2300 switch (using the S2326TP-EI as an example) to allow receiving DHCP responses from the uplink port and prohibiting client responses.

First, enable dhcp snooping:

dhcp enable
dhcp snooping enable
dhcp server detect

Let’s enable dhcp snooping in the client vlan:

vlan 226
dhcp snooping enable

And allow DHCP responses from the incoming uplink port:

interface GigabitEthernet0/0/1
dhcp snooping trusted

After that, responses from DHCP servers will be blocked on ports where “dhcp snooping trusted” is not indicated.

Save the configuration:

save config.cfg

Is done.

Blocking third-party DHCP on Cisco via DHCP Snooping

On the test, I configure DHCP Snooping on the Cisco Catalyst 6509-E to block third-party DHCP servers, on the other Cisco switches, the configuration is basically the same.

After connecting to the device immediately go to the configuration mode:


Continue reading “Blocking third-party DHCP on Cisco via DHCP Snooping”