How to block a fake DHCP server without enabling DHCP snooping?

Scenario

How to block a fake DHCP server without enabling DHCP snooping and still fulfill the following requirements?

1. The trusted DHCP server is connected on port 40.

2. Block the fake DHCP server from other ports.

Step

Without enabling the DHCP snooping feature, we can use the ACL feature to fulfill the above requirement.

Please configure the following classifiers and policy rules for the switch with CLI commands.

Classifier

classifier "block DHCP" ethernet-type ip ip-protocol udp source-socket 67 destination-socket 68

=> To block DHCP server from all ports.

classifier "allow DHCP" ethernet-type ip source-port 40 ip-protocol udp source-socket 67 destination-socket 68

=> To allow Trusted DHCP server from the specific port 40.

Policy Rule

policy allow classifier "allow DHCP" egress-port 1 priority 0 dscp 0 tos 0 bandwidth 0 out-of-profile-dscp 0

=> Select classifier-block DHCP, action: drop packets.

policy block classifier "block DHCP" egress-port 1 priority 0 dscp 0 tos 0 bandwidth 0 out-of-profile-dscp 0 forward-action drop

=> Select classifier-allow DHCP, action: forward packets.

Verification

Connect the trusted DHCP server on port 40 and the PC on port 10.

The PC can receive the IP address successfully.

However, if you connect other DHCP servers to other ports and port 40 is disconnected, the PC on port 10 will be unable to get any IP address.

Zyxel Switch-How to block a fake DHCP server without enabling DHCP snooping?的更多相关文章

  1. DHCP Server (推荐使用Windows)

    一些小的服务 windows做的比linux好 DHCP服务概述: 名称:DHCP (Dynamic Host Configuration Protocol --动态主机配置协议) 功能:是一个局域网 ...

  2. DHCP server 冒充及DOS攻击处理方案

    一.DHCP服务器在运维上存在的常见问题: 1. DHCP服务器冒充 在DHCP服务器和客户端之间没有认证机制,如果在DHCP server覆盖的网络上随意接入一个DHCP server,就有可能造成 ...

  3. DHCP协议格式、DHCP服务搭建、DHCP协商交互过程入门学习

    相关学习资料 http://www.rfc-editor.org/rfc/rfc2131.txt http://baike.baidu.com/view/7992.htm?fromtitle=DHCP ...

  4. DHCP Server软件使用教程

    DHCP Server软件使用教程 前提网络环境配置 电脑连接上wifi 网络和共享中心中更改适配器,共享无线网卡给以太网网卡 手动设置以太网网卡ipv4地址为192.168.1.1,子网掩码为255 ...

  5. [DHCP服务]——一个验证DHCP原理实验(VMware)

    大致实验拓扑图 DHCP Server端的配置 1. 安装DHCP # yum -y install dhcp 2. 拷贝配置文件 # /dhcpd.conf.sample /etc/dhcp/dhc ...

  6. How to allow/block PING on Linux server – IPTables rules for icmp---reference

    BY ADMIN - APRIL, 9TH 2014 The ‘PING’, it’s a command-line tool to check a host is reachable or not. ...

  7. 基于USB网卡适配器劫持DHCP Server嗅探Windows NTLM Hash密码

    catalogue . DHCP.WPAD工作过程 . python Responder . USB host/client adapter(USB Armory): 包含DHCP Server . ...

  8. windows dhcp server

    windows7并没有自带dhcp server的功能,需要安装额外的软件,软件很小巧,只有几百K字节,下载地址http://www.dhcpserver.de/cms/download/ 假设解压路 ...

  9. 一起来当网管(一)——Windows Server上的DHCP配置

    学校实验室里大大小小设备还不少,网络环境虽说不复杂,但也比家用的复杂一些.就当练练手吧,刚好写点文章,免得以后实验室网络没人管了.那么就先从DHCP的配置来讲吧! 1.DHCP是什么.有什么用 DHC ...

随机推荐

  1. (3) 深入理解Java Class文件格式(二)

    好文转载:http://blog.csdn.net/zhangjg_blog/article/details/21487287 在上一篇文章 深入理解Java Class文件格式(一) 中, 介绍了c ...

  2. CentOS安装Nvidia显卡驱动提示Nouveau正在使用的问题

    如题,在安装Nvidia官方提供的驱动时,提示Nouveau正在被使用,需要停用后才能继续安装,在网上搜了不少方法,各种尝试后均无效. 最后通过设置内核启动参数给屏蔽了,方法如下: 切换到root用户 ...

  3. C#定时执行一个操作

    一个客户端向服务器端socket发送报文,但是服务器端限制了发送频率,假如10秒内只能发送1次,这时客户端也要相应的做限制,初步的想法是在配置文件中保存上次最后发送的时间,当前发送时和这个上次最后时间 ...

  4. 《BI项目笔记》创建多维数据集Cube(2)

    本节建立: 历年的初烟水分均值变化分析Cube:区域维度:地州,专县时间维度:年等级维度:大等级,小等级指标:水分均值 数据源视图: 数据处理: ) ) DELETE FROM T_QualMoist ...

  5. composer安装fxp插件时候提示内存不足且没有交换空间的解决办法

    The following exception is caused by a lack of memory and not having swap Check https://getcomposer. ...

  6. ruby 资源收集

    http://huacnlee.com/blog/archives/ 一个牛人李华顺的个人网站 http://api.rubyonrails.org/ 不错的ruby on rails学习网站 htt ...

  7. Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.

    我是在flume向hdfs 写(sink)数据时遇到的这个错误. Server (是指hdfs) asks us to fall back to SIMPLE auth, but this clien ...

  8. stm32cube--串口

    1.printf函数重定向 ①以stm32f103rct6的usart1为例,打开cube,配置好RCC和USART1,生成mdk程序. ②打开工程,在main.c中 /* USER CODE BEG ...

  9. Python3.X新特性之print和exec

    print print 现在是一个函数,不再是一个语句.<语法更为清晰> 实例1 打开文件 log.txt 以便进行写入并将对象指定给 fid.然后利用 print将一个字符串重定向给文件 ...

  10. 腾讯云TDSQL审计原理揭秘

    版权声明:本文由孙勇福原创文章,转载请注明出处: 文章原文链接:https://www.qcloud.com/community/article/244 来源:腾云阁 https://www.qclo ...