Configuring dhcp packet rate limit, Displaying and maintaining dhcp snooping, Dhcp option customization configuration example – H3C Technologies H3C S12500-X Series Switches User Manual

72

Step Command

Remarks

1.

Enter system view.

system-view N/A

2.

Enter interface view of a layer
2 Ethernet interface or a layer

2 aggregate interface.

interface interface-type
interface-number

N/A

3.

Set the maximum number of

DHCP snooping entries that
the interface can learn.

dhcp snooping max-learning-num
number

By default, the number of DHCP
snooping entries for an interface to

learn is not limited.

Configuring DHCP packet rate limit

Perform this task to configure the maximum rate at which an interface can receive DHCP packets. This

feature discards exceeding DHCP packets to prevent attacks that send large numbers of DHCP packets.
To configure DHCP packet rate limit:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view of a layer 2
Ethernet interface or a layer 2

aggregate interface.

interface interface-type
interface-number

N/A

3.

Configure the maximum rate at

which the interface can receive
DHCP packets.

dhcp snooping rate-limit rate

By default, incoming DHCP
packets are not rate limited.
You can configure this command

only on Layer 2 Ethernet
interfaces and Layer 2 aggregate

interfaces.
If you configure the rate on a

Layer 2 Ethernet interface that is a
member port of a Layer 2

aggregate interface, the Layer 2

Ethernet interface uses the DHCP
packet maximum rate configured

on the Layer 2 aggregate

interface. If the Layer 2 Ethernet
interface leaves the aggregation

group, it uses its own DHCP

packet maximum rate.

Displaying and maintaining DHCP snooping

Execute display commands in any view, and reset commands in user view.

Task Command Remarks

Display DHCP snooping entries.

display dhcp snooping binding [ ip
ip-address [ vlan vlan-id ] ]

Available in any
view.