13 ip dhcp snooping trust, 14 ip dhcp snooping action, Ip dhcp snooping trust – PLANET XGS3-24040 User Manual

27-74

27.13 ip dhcp snooping trust

Command:

ip dhcp snooping trust

no ip dhcp snooping trust

Function:

Set or delete the DHCP Snooping trust attributes of a port.

Parameters:

None

Command Mode:

Port mode

Default Settings:

By default, all ports are non-trusted ports

Usage Guide:

Only when DHCP Snooping is globally enabled, can this command be set. When a port turns into a

trusted port from a non-trusted port, the original defense action of the port will be automatically

deleted; all the security history records will be cleared (except the information in system log).

Example:

Set port ethernet1/1 as a DHCP Snooping trusted port

switch(config)#interface ethernet 1/1

switch(Config- Ethernet 1/1)#ip dhcp snooping trust

27.14 ip dhcp snooping action

Command:

ip dhcp snooping action {shutdown | blackhole} [recovery <second>]

no ip dhcp snooping action

Function:

Set or delete the automatic defense action of a port.

Parameters:

shutdown: When the port detects a fake DHCP Server, it will be shutdown.

blackhole: When the port detects a fake DHCP Server, the vid and source MAC of the fake packet

will be used to block the traffic from this MAC.

recovery: Users can set to recover after the automatic defense action being executed.(no shut

ports or delete correponding blackhole）.

second: Users can set how long after the execution of defense action to recover. The unit is second,

and valid range is 10-3600.

Command Mode:

Port mode

Default Settings:

No default defense action.

Usage Guide:

Only when DHCP Snooping is globally enabled, can this command be set. Trusted port will not