15 ip dhcp snooping action maxnum, 16 ip dhcp snooping limit-rate, Ip dhcp snooping action – PLANET XGS3-24040 User Manual

27-75

detect fake DHCP Server, so, will never trigger the corresponding defense action. When a port turns

into a trusted port from a non-trusted port, the original defense action of the port will be

automatically deleted.

Example:

Set the DHCP Snooping defense action of port ethernet1/1 as setting blackhole, and the recovery

time is 30 seconds.

switch(config)#interface ethernet 1/1

switch(Config-Ethernet1/1)#ip dhcp snooping action blackhole recovery 30

27.15 ip dhcp snooping action MaxNum

Command:

ip dhcp snooping action {|default}

Function:

Set the number of defense action that can be simultaneously take effect.

Parameters:

: the number of defense action on each port, the range of which is 1-200, and the value

f which is 10 by default.

default: recover to the default value.

Command Mode:

Globe mode

Default Settings:

The default value is 10.

Usage Guide:

Set the max number of defense actions to avoid the resource exhaustion of the switch caused by

attacks. If the number of alarm information is larger than the set value, then the earliest defense

action will be recovered forcibly in order to send new defense actions.

Example:

Set the number of port defense actions as 100.

switch(config)#ip dhcp snooping action 100

27.16 ip dhcp snooping limit-rate

Command:

ip dhcp snooping limit-rate <pps>

no ip dhcp snooping limit-rate

Function:

Set the DHCP message rate limit

Parameters:

: The number of DHCP messages transmitted in every minute, ranging from 0 to 100. Its

default value is 100. 0 means that no DHCP message will be transmitted.