DCS-3950 series Ethernet switch manual
19.2.2.7 ip dhcp snooping trust
Command: ip dhcp snooping trust
no ip dhcp snooping trust
Function: Set or delete the DHCP Snooping trust attribute of a port.
Parameters: None
Command mode: Port Mode
Default: By default, all ports are non-trusted ports.
Usage Guide: This command can be set only when DHCP Snooping is globally enabled.
When a port changes from a non-trusted port to a trusted port, the original defense action of
the port is automatically deleted and all the security history records are cleared
(except the information in the system log).
Example: Set port ethernet 0/0/1 as a DHCP Snooping trusted port.
Switch(Config)#interface ethernet 0/0/1
Switch(Config- Ethernet 0/0/1)#ip dhcp snooping trust
19.2.2.8 ip dhcp snooping action
Command: ip dhcp snooping action {shutdown|blackhole} [recovery <second>]
no ip dhcp snooping action
Function: Set or delete the automatic defense action of a port.
Parameters:
shutdown: When the port detects a fake DHCP Server, the port is shut down.
blackhole: When the port detects a fake DHCP Server, the vid and source MAC of the
fake packet are used to block the traffic from this MAC.
recovery: Users can set the port to recover after the automatic defense action has been
executed (no shut the port or delete the corresponding blackhole).
<second>: Users can set how long after the execution of the defense action to recover. The unit
is seconds, and the valid range is 10-3600.
Command mode: Port Mode
Default: No default defense action.
Usage Guide: This command can be set only when DHCP Snooping is globally enabled.
A trusted port does not detect fake DHCP Servers, so it never triggers the corresponding
defense action. When a port changes from a non-trusted port to a trusted port, the original
defense action of the port is automatically deleted.
Example: Set the DHCP Snooping defense action of port ethernet 0/0/1 to blackhole,
with a recovery time of 30 seconds.
Switch(Config)#interface ethernet 0/0/1
Switch(Config- Ethernet 0/0/1)#ip dhcp snooping action blackhole recovery 30
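The rules stated in 19.2.2.7 and 19.2.2.8 can be checked offline against a saved configuration. The Python check below is an added example, not part of the manual or the switch software; the sample configuration is constructed, and its layout and the global enable line "ip dhcp snooping enable" are assumptions not shown in this section.

```python
import re

# Assumption: spelling of the global enable command; it is not shown in this section.
GLOBAL_ENABLE = "ip dhcp snooping enable"
ACTION_RE = re.compile(
    r"ip dhcp snooping action (shutdown|blackhole)(?: recovery (\d+))?$")

# Constructed sample; the layout (interface header followed by indented
# port-mode commands) is assumed for illustration.
SAMPLE_CONFIG = """\
ip dhcp snooping enable
interface ethernet 0/0/1
 ip dhcp snooping trust
interface ethernet 0/0/2
 ip dhcp snooping action blackhole recovery 30
interface ethernet 0/0/3
 ip dhcp snooping action shutdown recovery 5
interface ethernet 0/0/4
 ip dhcp snooping trust
 ip dhcp snooping action shutdown
interface ethernet 0/0/5
"""

def audit(config):
    """Return (port, finding) tuples for settings that contradict the manual."""
    findings, ports, port, enabled = [], {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == GLOBAL_ENABLE:
            enabled = True
        elif line.startswith("interface "):
            port = line[len("interface "):]
            ports[port] = {"trust": False, "action": None, "recovery": None}
        elif port and line == "ip dhcp snooping trust":
            ports[port]["trust"] = True
        elif port and (m := ACTION_RE.match(line)):
            ports[port]["action"] = m.group(1)
            ports[port]["recovery"] = int(m.group(2)) if m.group(2) else None
    for name, p in ports.items():
        if (p["trust"] or p["action"]) and not enabled:
            findings.append((name, "snooping set on port but not globally enabled"))
        if p["trust"] and p["action"]:
            findings.append((name, "trusted port never triggers its defense action"))
        if not p["trust"] and not p["action"]:
            findings.append((name, "non-trusted port has no defense action"))
        if p["recovery"] is not None and not 10 <= p["recovery"] <= 3600:
            findings.append((name, "recovery outside 10-3600 seconds"))
    return findings
```

Calling audit(SAMPLE_CONFIG) flags ports 0/0/3, 0/0/4 and 0/0/5; ports 0/0/1 (trusted uplink) and 0/0/2 (blackhole with a 30-second recovery) pass.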
19.2.2.9 ip dhcp snooping action MaxNum
Command: ip dhcp snooping action {<maxNum>|default}
Function: Set the number of defense actions that can take effect simultaneously.