Dell PowerConnect 6248 User's Guide - Page 449
Switching, Ports, Port Configuration, DHCP Snooping Interface Configuration, DHCP Snooping
View all Dell PowerConnect 6248 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 449 highlights
To prevent DHCP packets from being used as a DoS attack when DHCP snooping is enabled, the snooping application enforces a rate limit for DHCP packets received on untrusted interfaces. DHCP snooping monitors the receive rate on each interface separately. If the receive rate exceeds the configuration limit, DHCP snooping brings down the interface. The port must be administratively enabled from the Switching →Ports →Port Configuration page (or the no shutdown CLI command) to further work with the port. You can configure both the rate and the burst interval. The DHCP snooping application processes incoming DHCP messages. For DHCPRELEASE and DHCPDECLINE messages, the application compares the receive interface and VLAN with the client's interface and VLAN in the binding database. If the interfaces do not match, the application logs the event and drops the message. For valid client messages, DHCP snooping compares the source MAC address to the DHCP client hardware address. Where there is a mismatch, DHCP snooping logs and drops the packet. You can disable this feature using the DHCP Snooping Interface Configuration page or by using the no ip dhcp snooping verify mac-address command. DHCP snooping forwards valid client messages on trusted members within the VLAN. If DHCP relay and/or DHCP server co-exist with the DHCP snooping, the DHCP client message will be sent to the DHCP relay and/or DHCP server to process further. To access the DHCP Snooping Interface Configuration page, click Switching →DHCP Snooping → Interface Configuration in the navigation tree. Figure 7-115. DHCP Snooping Interface Configuration The DHCP Snooping Interface Configuration page contains the following fields: • Port - Select the interface for which data is to be displayed or configured. • Trust State - If it is enabled, the DHCP snooping application considers the port as trusted. The default is Disable. Configuring Switching Information 449