executed (no shut the port or delete the corresponding blackhole).
second: How long after the defense action is executed the port recovers.
The unit is seconds, and the valid range is 10-3600.
Command Mode: Port mode
Default Settings: No default defense action.
Usage Guide: This command can be set only when DHCP Snooping is globally enabled.
A trusted port does not detect fake DHCP servers, so it never triggers the corresponding
defense action. When a port changes from a non-trusted port to a trusted port, the original
defense action of the port is automatically deleted.
Example: Set the DHCP Snooping defense action of port ethernet1/1 to blackhole,
with a recovery time of 30 seconds.
switch(config)#interface ethernet 1/1
switch(Config-Ethernet1/1)#ip dhcp snooping action blackhole recovery 30
22.15 ip dhcp snooping action MaxNum
Command: ip dhcp snooping action {<maxNum>|default}
Function: Set the number of defense actions that can take effect simultaneously.
Parameters: <maxNum>: the number of defense actions on each port; the range is 1-200
and the default value is 10.
default: restore the default value.
Command Mode: Global mode
Default Settings: The default value is 10.
Usage Guide: Set the maximum number of defense actions to keep attacks from exhausting
the switch's resources. If the number of alarm information exceeds the set value, the
earliest defense action is forcibly recovered so that new defense actions can be sent.
Example: Set the number of port defense actions to 100.
switch(config)#ip dhcp snooping action 100
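The following Python model is an added example, not code from this manual or from the switch firmware. It illustrates the MaxNum behavior described in the Usage Guide: once the limit is reached, the earliest defense action is recovered before its recovery time has elapsed. The class, function and source names are hypothetical, and one table per port is assumed.

```python
from collections import OrderedDict

RECOVERY_RANGE = range(10, 3601)  # seconds, valid range of the recovery parameter
MAXNUM_RANGE = range(1, 201)      # valid range of <maxNum>


class DefenseActionTable:
    """Toy model of one port's active defense actions (assumed structure)."""

    def __init__(self, max_num=10):  # 10 is the documented default
        if max_num not in MAXNUM_RANGE:
            raise ValueError("maxNum must be 1-200")
        self.max_num = max_num
        self.active = OrderedDict()  # source id -> time at which the action recovers

    def expire(self, now):
        """Recover actions whose configured recovery time has elapsed."""
        done = [src for src, until in self.active.items() if until <= now]
        for src in done:
            del self.active[src]
        return done

    def trigger(self, now, source, recovery):
        """Install an action; return the sources recovered early to make room."""
        if recovery not in RECOVERY_RANGE:
            raise ValueError("recovery must be 10-3600 seconds")
        self.expire(now)
        self.active.pop(source, None)  # a repeated alarm restarts its timer (assumed)
        forced = []
        while len(self.active) >= self.max_num:
            oldest, _ = self.active.popitem(last=False)  # earliest action goes first
            forced.append(oldest)
        self.active[source] = now + recovery
        return forced


def simulate(max_num, alarms, recovery=30):
    """alarms: list of (time, source). Returns {source: time it was forcibly recovered}."""
    table, forced_at = DefenseActionTable(max_num), {}
    for now, source in alarms:
        for victim in table.trigger(now, source, recovery):
            forced_at[victim] = now
    return forced_at


# Constructed sample: 12 alarms one second apart, each with a 30 s recovery time.
SAMPLE = [(t, f"fake-server-{t:02d}") for t in range(12)]
```

With the default limit of 10, the two earliest actions in the sample are recovered after 10 and 10 seconds instead of the configured 30; with the limit set to 100 none are recovered early.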
22.16 ip dhcp snooping limit-rate
Command: ip dhcp snooping limit-rate <pps>
no ip dhcp snooping limit-rate
Function: Set the DHCP message rate limit.