Zyxel Switch-How to block a fake DHCP server without enabling DHCP snooping?
How to block a fake DHCP server without enabling DHCP snooping?
Scenario
How to block a fake DHCP server without enabling DHCP snooping and still fulfill the following requirements?
1. The trusted DHCP server is connected on port 40.
2. Block the fake DHCP server from other ports.
Step
Without enabling the DHCP snooping feature, we can use the ACL feature to fulfill the above requirement.
Please configure the following classifiers and policy rules for the switch with CLI commands.
Classifier
classifier "block DHCP" ethernet-type ip ip-protocol udp source-socket 67 destination-socket 68
=> To block DHCP server from all ports.
classifier "allow DHCP" ethernet-type ip source-port 40 ip-protocol udp source-socket 67 destination-socket 68
=> To allow Trusted DHCP server from the specific port 40.
Policy Rule
policy allow classifier "allow DHCP" egress-port 1 priority 0 dscp 0 tos 0 bandwidth 0 out-of-profile-dscp 0
=> Select classifier-block DHCP, action: drop packets.
policy block classifier "block DHCP" egress-port 1 priority 0 dscp 0 tos 0 bandwidth 0 out-of-profile-dscp 0 forward-action drop
=> Select classifier-allow DHCP, action: forward packets.
Verification
Connect the trusted DHCP server on port 40 and the PC on port 10.
The PC can receive the IP address successfully.
However, if you connect other DHCP servers to other ports and port 40 is disconnected, the PC on port 10 will be unable to get any IP address.
Zyxel Switch-How to block a fake DHCP server without enabling DHCP snooping?的更多相关文章
- DHCP Server (推荐使用Windows)
一些小的服务 windows做的比linux好 DHCP服务概述: 名称:DHCP (Dynamic Host Configuration Protocol --动态主机配置协议) 功能:是一个局域网 ...
- DHCP server 冒充及DOS攻击处理方案
一.DHCP服务器在运维上存在的常见问题: 1. DHCP服务器冒充 在DHCP服务器和客户端之间没有认证机制,如果在DHCP server覆盖的网络上随意接入一个DHCP server,就有可能造成 ...
- DHCP协议格式、DHCP服务搭建、DHCP协商交互过程入门学习
相关学习资料 http://www.rfc-editor.org/rfc/rfc2131.txt http://baike.baidu.com/view/7992.htm?fromtitle=DHCP ...
- DHCP Server软件使用教程
DHCP Server软件使用教程 前提网络环境配置 电脑连接上wifi 网络和共享中心中更改适配器,共享无线网卡给以太网网卡 手动设置以太网网卡ipv4地址为192.168.1.1,子网掩码为255 ...
- [DHCP服务]——一个验证DHCP原理实验(VMware)
大致实验拓扑图 DHCP Server端的配置 1. 安装DHCP # yum -y install dhcp 2. 拷贝配置文件 # /dhcpd.conf.sample /etc/dhcp/dhc ...
- How to allow/block PING on Linux server – IPTables rules for icmp---reference
BY ADMIN - APRIL, 9TH 2014 The ‘PING’, it’s a command-line tool to check a host is reachable or not. ...
- 基于USB网卡适配器劫持DHCP Server嗅探Windows NTLM Hash密码
catalogue . DHCP.WPAD工作过程 . python Responder . USB host/client adapter(USB Armory): 包含DHCP Server . ...
- windows dhcp server
windows7并没有自带dhcp server的功能,需要安装额外的软件,软件很小巧,只有几百K字节,下载地址http://www.dhcpserver.de/cms/download/ 假设解压路 ...
- 一起来当网管(一)——Windows Server上的DHCP配置
学校实验室里大大小小设备还不少,网络环境虽说不复杂,但也比家用的复杂一些.就当练练手吧,刚好写点文章,免得以后实验室网络没人管了.那么就先从DHCP的配置来讲吧! 1.DHCP是什么.有什么用 DHC ...
随机推荐
- 2D空间中求一点是否在多边形内
参考自这篇博文:http://www.cnblogs.com/dabiaoge/p/4491540.html 一开始没仔细看做法,浪费了不少时间.下面是最终实现的效果: 大致流程: 1.随便选取多边形 ...
- 使用IOS7原生API进行二维码条形码的扫描
使用IOS7原生API进行二维码条形码的扫描 IOS7之前,开发者进行扫码编程时,一般会借助第三方库.常用的是ZBarSDK,IOS7之后,系统的AVMetadataObject类中,为我们提供了解析 ...
- [问题2014S08] 复旦高等代数II(13级)每周一题(第八教学周)
[问题2014S08] 设分块上三角阵 \[A=\begin{bmatrix} A_1 & B \\ 0 & A_2 \end{bmatrix},\] 其中 \(m\) 阶方阵 \( ...
- mysql 增删改查基本语句
增: insert insert into 表名(字段1,字段2,字段3......字段N) values(值1,值2,值3): 如果不申明插入那些字段,则默认所有字段. 在插入时注意,往哪个表增加, ...
- php : 匿名函数(闭包) [二]
摘自: http://www.cnblogs.com/yjf512/archive/2012/10/29/2744702.html php的闭包(Closure)也就是匿名函数.是PHP5.3引入的. ...
- hdu 5542 The Battle of Chibi(2015CCPC - C题)
题目链接:hdu 5542 首届CCPC的C题,比赛时一起搞了好久,最后是队友A出的,当时有试过用树状数组来优化 dp,然后今天下午也用树状数组搞了一下午,结果还是踩了和当时一样的坑:我总是把用来记录 ...
- 【ros】.bag文件
Bags are typically created by a tool like rosbag They store the serialized message data in a file as ...
- VMWARE + CENTOS在windows下配置cocos2d-x android开发环境
VMWARE + CENTOS在windows配置cocos2d-x android开发环境 之前使用cygwin在windows开发android,后来使用了c++11特性,在cygwin中更新工具 ...
- JavaScript数组API
1.将数组转化为字符串:2种: 1.var str=String(str); 将数组转化为字符串并分隔每个元素 ...
- springmvc自定义日期编辑器
1.控制器 @Controller public class MyController { // 处理器方法 @RequestMapping(value = "/first.do" ...