The dhcp snooping alarm threshold command sets the alarm threshold for the number of DHCP messages discarded by DHCP snooping.
The undo dhcp snooping alarm threshold command restores the default alarm threshold.
By default, an alarm is generated in the system when at least 100 DHCP snooping messages are discarded, and the alarm threshold on an interface is set using the dhcp snooping alarm threshold command in the system view.
In the system view:
dhcp snooping alarm threshold threshold
undo dhcp snooping alarm threshold
In the interface view:
dhcp snooping alarm { dhcp-request | dhcp-chaddr | dhcp-reply | dhcpv6-request } threshold threshold
undo dhcp snooping alarm { dhcp-request | dhcp-chaddr | dhcp-reply | dhcpv6-request } threshold
| Parameter | Description | Value |
|---|---|---|
threshold |
Specifies the alarm threshold for the number of DHCP snooping-discarded messages. |
The value is an integer that ranges from 1 to 1000. |
dhcp-request |
Specifies the alarm threshold for the number of DHCPv4 Request messages discarded because they do not match the DHCP snooping binding entries. |
- |
dhcp-chaddr |
Specifies the alarm threshold for the number of DHCP messages discarded because the CHADDR field in the DHCPv4 request messages does not match the source MAC address in the data frame header. |
- |
dhcp-reply |
Specifies the alarm threshold for the number of DHCPv4 Response messages discarded by untrusted interfaces. |
- |
dhcpv6-request |
Specifies the alarm threshold for the number of DHCPv6 Request messages discarded because they do not match the DHCP snooping binding entries. |
- |
System view, Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Scenario
After trap for discarded DHCP messages is enabled, run the dhcp snooping alarm threshold command to specify the alarm threshold for the number of DHCP messages discarded by DHCP snooping. If the alarm threshold is not set on an interface, the interface uses the global alarm threshold.
Prerequisites
DHCP snooping has been enabled on the device using the dhcp snooping enable command.
The DHCP snooping alarm function has been enabled using the dhcp snooping alarm { dhcp-request | dhcp-chaddr | dhcp-reply | dhcpv6-request } enable command.
Precautions
If you run the dhcp snooping alarm threshold command in the system view, the command takes effect on all the interfaces of the device.
If you specify an alarm threshold for the number of DHCP messages discarded by DHCP snooping in the system view, an alarm is generated when the number of all the discarded DHCP messages reaches the threshold.
# Set the global alarm threshold for the number of discarded DHCP messages to 200.
<HUAWEI> system-view [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] dhcp snooping alarm threshold 200
# On GE0/0/1, enable DHCP snooping, enable the device to check whether the CHADDR field in the DHCP message matches the source MAC address in the Ethernet frame header, and enable alarm for the DHCP messages discarded because the CHADDR field in the DHCP message does not match the source MAC address. Set the alarm threshold to 1000.
<HUAWEI> system-view [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] dhcp snooping enable [HUAWEI-GigabitEthernet0/0/1] dhcp snooping check dhcp-chaddr enable [HUAWEI-GigabitEthernet0/0/1] dhcp snooping alarm dhcp-chaddr enable [HUAWEI-GigabitEthernet0/0/1] dhcp snooping alarm dhcp-chaddr threshold 1000