dhcp flood-protection threshold

Use dhcp flood-protection threshold to set the DHCP packet rate threshold for DHCP flood attack detection.

Use undo dhcp flood-protection threshold to restore the default.

Syntax

dhcp flood-protection threshold packet-number milliseconds

undo dhcp flood-protection threshold

Default

The device allows a maximum of 6 DHCP packets per 5000 milliseconds from each DHCP client.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

packet-number: Specifies the maximum number of DHCP packets in the range of 2 to 200.

milliseconds: Specifies the DHCP flood attack detection duration in milliseconds. The value range is 1000 to 10000.

Usage guidelines

The DHCP flood attack protection enables the DHCP device to detect DHCP flood attacks according to the DHCP packet rate threshold on a per-MAC basis. If the number of DHCP packets from the same MAC address exceeds the upper limit in the detection duration, the client at that MAC address is launching a DHCP flood attack.

This command takes effect only after you execute the dhcp flood-protection enable command.

If you execute the command multiple times, the most recent configuration takes effect.

Examples

# Configure the device to allow a maximum of 2 DHCP packets per 9000 milliseconds from each DHCP client.

<Sysname> system-view
[Sysname] dhcp flood-protection threshold 2 9000

Related commands

dhcp flood-protection aging-time

dhcp flood-protection enable