11-2
Configuring Advanced Threat Protection
DHCP Snooping
• Attempts to fill all IP address entries in the switch’s forwarding table
and cause legitimate traffic to be dropped, indicated by an increased
number of learned IP destination addresses
• Attempts to spread viruses, indicated by an increased number of ARP
request packets
• Attempts to exhaust system resources so that sufficient resources are
not available to transmit legitimate traffic, indicated by an unusually
high use of specific system resources
• Attempts to attack the switch’s CPU and introduce delay in system
response time to new network events
• Attempts by hackers to access the switch, indicated by an excessive
number of failed logins or port authentication failures
• Attempts to deny switch service by filling the forwarding table, indi-
cated by an increased number of learned MAC addresses or a high
number of MAC address moves from one port to another
• Attempts to exhaust available CPU resources, indicated by an
increased number of learned MAC address events being discarded
DHCP Snooping
Command Page
dhcp-snooping page 11-4
authorized-server page 11-7
database page 11-11
option page 11-8
trust page 11-6
verify page 11-10
vlan page 11-6
show dhcp-snooping page 11-4
show dhcp-snooping stats page 11-5
dhcp-snooping binding page 11-12
debug dhcp-snooping page 11-12
To Next Page
Loading...
Need help?
General