234
enough available resources. Otherwise, DHCP Snooping will change the distributed
binging informaiton accordint to the new smaller max user number. When the number of
distributed bingding informaiton entries reaches the max limit, no new DHCP will be able
to become trust user or to access other network resouces via the switch.
Examples: Enable DHCP Snooping binding user funtion on Port ethernet1/1, setting the
max number of user allowed to access by Port Ethernet1/1 as 5.
Switch(Config-If-Ethernet1/1)# ip dhcp snooping binding user-control max-user 5
Related Command: ip dhcp snooping binding user-control
22.13 ip dhcp snooping trust
Command: ip dhcp snooping trust
no ip dhcp snooping trust
Function: Set or delete the DHCP Snooping trust attributes of a port.
Parameters: None
Command Mode: Port mode
Default Settings: By default, all ports are non-trusted ports
Usage Guide: Only when DHCP Snooping is globally enabled, can this command be set.
When a port turns into a trusted port from a non-trusted port, the original defense action of
the port will be automatically deleted; all the security history records will be cleared
(except the information in system log).
Example: Set port ethernet1/1 as a DHCP Snooping trusted port
switch(config)#interface ethernet 1/1
switch(Config- Ethernet 1/1)#ip dhcp snooping trust
22.14 ip dhcp snooping action
Command: ip dhcp snooping action {shutdown | blackhole} [recovery <second>]
no ip dhcp snooping action
Function: Set or delete the automatic defense action of a port.
Parameters:
shutdown: When the port detects a fake DHCP Server, it will be shutdown.
blackhole: When the port detects a fake DHCP Server, the vid and source
MAC of the fake packet will be used to block the traffic from this MAC.
recovery: Users can set to recover after the automatic defense action being
To Next Page
Loading...
