mac

Commands for DHCP Snooping

360

blackhole, and the recovery time is 30 seconds.

switch(config)#interface ethernet 1/1

switch(Config-Ethernet1/1)#ip dhcp snooping action blackhole recovery 30

31.9 ip dhcp snooping action MaxNum

Command: ip dhcp snooping action {<maxNum>|default}

Function: Set the number of defense action that can be simultaneously took effect.

Parameters: <maxNum>: the number of defense action on each port, the range of

which is 1-200, and the value of which is 10 by default.

default: recover to the default value.

Command Mode: Globe mode

Default Settings: The default value is 10.

Usage Guide: Set the max number of defense actions to avoid the resource exhaustion

of the switch caused by attacks. If the number of alarm information is larger than the set

value, then the earliest defense action will be recovered forcibly in order to send new

defense actions.

Example: Set the number of port defense actions as 100.

switch(config)#ip dhcp snooping action 100

31.10 ip dhcp snooping binding

Command: ip dhcp snooping binding enable

no ip dhcp snooping binding enable

Function: Enable the DHCP Snooping binding funciton

Parameters: None.

Command Mode: Globe mode

Default Settings: DHCP Snooping binding is disabled by default.

Usage Guide: When the function is enabled, it will record the binding information

allocated by DHCP Server of all trusted ports. Only after the DHCP SNOOPING function

is enabled, the binding function can be enabled.

Example: Enable the DHCP Snooping binding funciton.

switch(config)#ip dhcp snooping binding enable

Relative Command: ip dhcp snooping enable