9 ip dhcp snooping action maxnum, Ip dhcp snooping action – PLANET XGS3-24042 User Manual

30-93

Usage Guide:

Only when DHCP Snooping is globally enabled, can this command be set. Trusted port will not

detect fake DHCP Server, so, will never trigger the corresponding defense action. When a port turns

into a trusted port from a non-trusted port, the original defense action of the port will be

automatically deleted.

Example:

Set the DHCP Snooping defense action of port ethernet1/0/1 as setting blackhole, and the recovery

time is 30 seconds.

switch(config)#interface ethernet 1/0/1

switch(Config-Ethernet1/0/1)#ip dhcp snooping action blackhole recovery 30

30.9 ip dhcp snooping action MaxNum

Command:

ip dhcp snooping action {|default}

Function:

Set the number of defense action that can be simultaneously take effect.

Parameters:

: the number of defense action on each port, the range of which is 1-200, and the value

f which is 10 by default.

default: recover to the default value.

Command Mode:

Globe mode

Default Settings:

The default value is 10.

Usage Guide:

Set the max number of defense actions to avoid the resource exhaustion of the switch caused by

attacks. If the number of alarm information is larger than the set value, then the earliest defense

action will be recovered forcibly in order to send new defense actions.

Example:

Set the number of port defense actions as 100.

switch(config)#ip dhcp snooping action 100