Manualshelf

Specifications

ManualsBrandsDigitalchina Networks ManualsComputer equipmentDCS-3950 series
331332333334335336337338339340
324
DCS-3950 series Ethernet switch manual
19.2.2.7 ip dhcp snooping trust
Commandip dhcp snooping trust
no ip dhcp snooping trust
Function Set or delete the DHCP Snooping trust attributes of a port.
ParametersNone
Command modePort Mode
DefaultBy default, all ports are non-trusted ports
Usage GuideOnly when DHCP Snooping is globally enabled, can this command be set.
When a port turns into a trusted port from a non-trusted port, the original defense action of
the port will be automatically deleted; all the security history records will be cleared
(except the information in system log).
ExampleSet port ethernet 0/0/1 as a DHCP Snooping trusted port
Switch(Config)#interface ethernet 0/0/1
Switch(Config- Ethernet 0/0/1)#ip dhcp snooping trust
19.2.2.8 ip dhcp snooping action
Commandip dhcp snooping action {shutdown|blackhole} [recovery <second>]
no ip dhcp snooping action
Function Set or delete the automatic defense action of a port.
Parameters
shutdown: When the port detects a fake DHCP Server, it will be shutdown.
blackhole
When the port detects a fake DHCP Server, the vid and source MAC of the
fake packet will be used to block the traffic from this MAC.
Recovery
Users can set to recover after the automatic defense action being
executed.(no shut ports or delete correponding blackhole
Second
Users can set how long after the execution of defense action to recover. The unit
is second, and valid range is 10-3600.
Command modePort Mode
DefaultNo default defense action.
Usage GuideOnly when DHCP Snooping is globally enabled, can this command be set.
Trusted port will not detect fake DHCP Server, so, will never trigger the corresponding
defense action. When a port turns into a trusted port from a non-trusted port, the original
defense action of the port will be automatically deleted.
ExampleSet the DHCP Snooping defense action of port ethernet0/0/1 as setting
blackhole, and the recovery time is 30 seconds.
Switch(Config)#interface ethernet 0/0/1
Switch(Config- Ethernet 0/0/1)#ip dhcp snooping action blackhole recovery 30
19.2.2.9 ip dhcp snooping action MaxNum
Commandip dhcp snooping action {<maxNum>|default}
Function Set the number of defense action that can be simultaneously taken effect.