dhcp snooping alarm threshold (Bridge domain view)

Function

The dhcp snooping alarm threshold command configures an alarm threshold for the number of discarded ARP packets, IP packets, DHCP reply packets (received on the untrusted interface), and DHCP request packets and the percentage threshold for the maximum DHCP snooping users.

The undo dhcp snooping alarm threshold command restores the default settings.

By default:

  • The alarm threshold for the number of discarded packets in a BD is a global alarm threshold (which is 100 by default and can be configured manually).
  • The percentage threshold for the maximum DHCP snooping users in a BD is 100%.

Format

dhcp snooping alarm { { ip | arp | dhcp-chaddr | dhcp-request | dhcp-reply } { enable | threshold threshold-value } | user-limit { enable | threshold user-threshold-value } }

undo dhcp snooping alarm { ip | arp | dhcp-chaddr | dhcp-request | dhcp-reply | user-limit } enable

undo dhcp snooping alarm { ip | arp | dhcp-chaddr | dhcp-request | dhcp-reply | user-limit } threshold

Parameters

Parameter Description Value
ip

Indicates the alarm threshold for the number of discarded IP packets that mismatch the binding entries.

-
arp

Indicates the alarm threshold for the number of discarded ARP packets that mismatch the binding entries.

-
dhcp-chaddr

Indicates the alarm threshold for discarded DHCP packets with a client hardware address (CHADDR) mismatching the source MAC address in the Ethernet frame header.

-
dhcp-request

Indicates the alarm threshold for the number of discarded DHCP request packets for extending the IP address lease.

-
dhcp-reply

Indicates the alarm threshold for discarded DHCP reply packets received on untrusted interfaces.

-
enable

Enables DHCP snooping.

-
threshold threshold-value

Specifies an alarm threshold.

For the alarm threshold for the number of discarded packets, the value is an integer ranging from 1 to 1000. For the percentage threshold for the maximum DHCP snooping users, the value is an integer ranging from 1 to 100.
threshold user-threshold-value

Specifies a threshold value percent.

The value is an integer ranging from 1 to 100.
user-limit

Indicates the alarm threshold for the maximum DHCP snooping users.

-

Views

Bridge domain view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
dhcp write

Usage Guidelines

Usage Scenario

To configure the alarm threshold for the maximum discarded packets and the percentage threshold for the maximum DHCP snooping users in the BD view, run the dhcp snooping alarm threshold command.

The configuration of the alarm threshold for discarded packets in a BD can be one of the following situations:

  • If no alarm threshold is configured for a BD, the default global threshold takes effect for the BD. You can run the dhcp snooping alarm threshold command to modify the global threshold.
  • If an alarm threshold is configured for a BD, the configured threshold takes effect for the BD.

    To configure the alarm threshold for the number of discarded DHCP packets, run the dhcp snooping alarm threshold command.

Prerequisites

  • DHCP snooping has been enabled globally using the dhcp snooping enable command.
  • The alarm function for DHCP snooping has been configured using the dhcp snooping alarm enable command.
  • The maximum number of DHCP snooping users has been configured using the dhcp snooping max-user-number (BD view) command.

Precautions

  • If the maximum number of DHCP snooping users is set to n and the percentage threshold for the maximum DHCP snooping users is set to m, when the number of users on the interface reaches n x m, an alarm is generated. If the number of users on the interface reaches (n x m)+ 1, no alarm is generated. Only if the IP address lease of users expires or users proactively release IP addresses, the number of DHCP snooping users in a BD can fall below the number n x m. When the number of users on the interface reaches n x m again, an alarm is generated.
  • Users can change the current percentage threshold by configuring a new value. Only the latest configuration takes effect.

Example

# Configure the alarm function for discarded DHCP reply packets in BD 10.
<HUAWEI> system-view
[~HUAWEI] dhcp snooping enable
[*HUAWEI] bridge-domain 10
[*HUAWEI-bd10] dhcp snooping enable
[*HUAWEI-bd10] dhcp snooping alarm dhcp-reply enable
# Set the percentage threshold for the maximum DHCP snooping users in BD 10 to 50%.
<HUAWEI> system-view
[~HUAWEI] dhcp snooping enable
[*HUAWEI] bridge-domain 10
[*HUAWEI-bd10] dhcp snooping enable
[*HUAWEI-bd10] dhcp snooping alarm user-limit threshold 50
# Set the alarm threshold for the number of discarded ARP packets in BD 20 to 200.
<HUAWEI> system-view
[~HUAWEI] dhcp snooping enable
[*HUAWEI] bridge-domain 20
[*HUAWEI-bd20] dhcp snooping enable
[*HUAWEI-bd20] dhcp snooping alarm arp threshold 200
Parent Topic: DHCP Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >