Configuration procedure, Displaying and maintaining dhcp snooping – H3C Technologies H3C S10500 Series Switches User Manual

78

•

To identify DHCP packets from unauthorized DHCP servers, DHCP snooping delivers all incoming

DHCP packets to the CPU. If a malicious user sends a large number of DHCP requests to the DHCP

snooping device, the CPU of the device will be overloaded, and the device may even crash. To
solve this problem, you can configure DHCP packet rate limit on relevant interfaces.

Configuration procedure

Follow these steps to configure DHCP packet rate limit:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Layer 2 Ethernet port
view or Layer 2 aggregate
interface view

interface interface-type

interface-number

—

Configure the maximum rate
of incoming DHCP packets

dhcp-snooping rate-limit rate

Required
Not configured by default.

Displaying and maintaining DHCP snooping

To do…

Use the command…

Remarks

Display DHCP snooping entries

display dhcp-snooping [ ip ip-address ]
[ | { begin | exclude | include }

regular-expression ]

Available in any view

Display Option 82 configuration
information on the DHCP snooping

device

display dhcp-snooping information { all |
interface interface-type interface-number }

[ | { begin | exclude | include }

regular-expression ]

Available in any view

Display DHCP packet statistics on the
DHCP snooping device (in standalone
mode)

display dhcp-snooping packet statistics
[ slot slot-number ] [ | { begin | exclude |
include } regular-expression ]

Available in any view

Display DHCP packet statistics on the
DHCP snooping device (in IRF mode)

display dhcp-snooping packet statistics
[ chassis chassis-number slot slot-number ]
[ | { begin | exclude | include }

regular-expression ]

Available in any view

Display information about trusted ports

display dhcp-snooping trust [ | { begin |
exclude | include } regular-expression ]

Available in any view

Display the DHCP snooping entry file
information

display dhcp-snooping binding database
[ | { begin | exclude | include }

regular-expression ]

Available in any view

Clear DHCP snooping entries

reset dhcp-snooping { all | ip ip-address } Available in user view

Clear DHCP packet statistics on the
DHCP snooping device (in standalone
mode)

reset dhcp-snooping packet statistics
[ slot slot-number ]

Available in user view

Clear DHCP packet statistics on the
DHCP snooping device (in IRF mode)

reset dhcp-snooping packet statistics
[ chassis chassis-number slot slot-number ] Available in user view