The dhcp anti-attack check magic-cookie command enables the function of checking the magic-cookie field in a DHCP packet and discarding a DHCP packet with an incorrect value in the magic-cookie field.
The undo dhcp anti-attack check magic-cookie command disables the function of checking the magic-cookie field in a DHCP packet.
By default, a device does not check the magic-cookie field in a DHCP packet but directly forwards a DHCP packet with an incorrect value in the magic-cookie field.
System view, VLAN view, Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Scenario
The dhcp anti-attack check magic-cookie command applies to DHCP servers, DHCP relay agents, DHCP clients, and DHCP snooping-enabled devices. Devices from different vendors may use different DHCP implementation mechanisms. After checking the magic-cookie field in a received DHCP packet, a device may not allow the DHCP packet to pass through and discards the packet. As a result, DHCP becomes unavailable. To solve this problem, you can run the undo dhcp anti-attack check magic-cookie command to disable the function of checking the magic-cookie field in a DHCP packet, so that a DHCP packet with an incorrect value in the magic-cookie field can be properly forwarded.
Prerequisites
DHCP has been enabled on the device using the dhcp enable command.