H12-721 Exam Dumps : Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Note: DHCP snooping is a DHCP security feature that filters DHCP messages that do not contain information through MAC address restriction, DHCP snooping security binding, IP+MAC binding, and Option 82 features. DHCP DoS attack, DHCP server spoofing attack, ARP man-in-the-middle attack, and IP/MAC Snooping attack. DHCP snooping is enabled on all interfaces of the DHCP client. If the user-side interface is not configured with the Trusted mode, the interface is enabled with the Snooping feature. The default interface mode is Untrusted. This prevents the DHCP server from being attacked by the bogus. To prevent the attack from being attacked by the DHCP server, you can configure the DHCP snooping function on the device to configure the interface on the user side as Untrusted and the interface on the DHCP server as Trusted. All received from the Untrusted interface. DHCP relay packets are discarded. DHCP snooping is configured on the firewall. The DHCP snooping binding function is used to forward packets only if the received packets are the same as those in the binding table. Otherwise, the packets are discarded.

Note: The connection status data to be backed up in the HRP function includes: TCP/UDP session table, Server-Map entry, dynamic blacklist, No-PAT entry, and ARP entry.