15 ip dhcp snooping action maxnum, Ip dhcp snooping action – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

blackhole: When the port detects a fake DHCP Server, the vid and source MAC of the fake packet

will be used to block the traffic from this MAC.

recovery: Users can set to recover after the automatic defense action being executed.(no shut

ports or delete correponding blackhole）.

second: Users can set how long after the execution of defense action to recover. The unit is second,

and valid range is 10-3600.

Command Mode:

Port mode

Default Settings:

No default defense action.

Usage Guide:

Only when DHCP Snooping is globally enabled, can this command be set. Trusted port will not

detect fake DHCP Server, so, will never trigger the corresponding defense action. When a port turns

into a trusted port from a non-trusted port, the original defense action of the port will be

automatically deleted.

Example:

Set the DHCP Snooping defense action of port ethernet1/1 as setting blackhole, and the recovery

time is 30 seconds.

switch(config)#interface ethernet 1/1

switch(Config-Ethernet1/1)#ip dhcp snooping action blackhole recovery 30

16.15 ip dhcp snooping action MaxNum

Command:

ip dhcp snooping action {<maxNum>|default}

Function:

Set the number of defense action that can be simultaneously take effect.

Parameters:

<maxNum>: the number of defense action on each port, the range of which is 1-200, and the value

of which is 10 by default.

default: recover to the default value.

Command Mode:

Globe mode

Default Settings:

The default value is 10.

Usage Guide: