dhcpv6 connection chasten

Function

The dhcpv6 connection chasten command limits the number of DHCPv6 user connection requests.

The undo dhcpv6 connection chasten command restores the default configuration.

The undo dhcpv6 connection chasten slot command deletes the configured limit on the number of DHCPv6 user connection requests on an interface board.

By default, the device limits the number of connection requests from a DHCPv6 user. Within 180 seconds, if the number of authentication failure packets for a DHCPv6 user exceeds 5, the DHCPv6 user enters the suppression state, and the suppression time is 300 seconds.

Format

dhcpv6 connection chasten { request-packets request-packets | authen-packets authen-packets | request-packets request-packets authen-packets authen-packets | authen-packets authen-packets request-packets request-packets } check-period check-period restrain-period restrain-period [ slot slotid ]

undo dhcpv6 connection chasten [ slot slotid ]

Parameters

Parameter Description Value
request-packets request-packets

Specifies the maximum number of DHCPv6 request packets allowed.

The value is an integer ranging from 0 to 10000. The default value is 0.
authen-packets authen-packets

Specifies the maximum number of DHCPv6 authentication failure packets allowed.

The value is an integer ranging from 0 to 10000. The default value is 5.
check-period check-period

Specifies a check period. DHCPv6 users are in the check state during this period.

The value is an integer ranging from 1 to 3600, in seconds. The·default·value·is·180.
restrain-period restrain-period

Specifies a suppression period. DHCPv6 users are in the suppression state during this period.

The value is an integer ranging from 0 to 3600, in seconds. The·default·value·is·300. If this parameter is set to 0, the function of limiting connection requests from a DHCPv6 user is disabled.
slot slotid

Specifies the ID of a slot.

-

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
dhcp write

Usage Guidelines

Usage Scenario

If a large number of invalid connection request packets exist on a network, the network may be overloaded and even authorized users may not go online. To resolve this issue, run the dhcp connection chasten command to limit the number of connection requests from a DHCPv6 user.

This command supports the following numbers:

  • Number of request packets: After receiving request packets, the DHCPv6 module counts them into the number.
  • Number of authentication failure packets: After receiving request packets, the DHCPv6 module sends them to the service module for authentication. If the authentication fails, the DHCPv6 module counts them into the number.

    To disable the function of limiting connection requests from a DHCPv6 user, set the suppression period to 0s.

    In VS mode, this command is supported only by the admin VS.

Configuration Impact

The following scenarios are involved:

  • Only authen-packets is specified: If the number of authentication failure packets for a DHCPv6 user exceeds the value specified by authen-packets within a check period, the DHCPv6 user enters the suppression state.
  • Only request-packets is specified: If the number of request packets for a DHCPv6 user exceeds the value specified by request-packets within a check period, the DHCPv6 user enters the suppression state.
  • Both authen-packets and request-packets are specified: If the number of request packets for a DHCPv6 user exceeds the value specified by request-packets within a check period, the DHCPv6 user enters the suppression state. If the number of request packets for a DHCPv6 user does not exceed the value specified by request-packets within a check period, the DHCPv6 module sends the request packets to the service module for authentication. If the authentication fails and the number of authentication failure packets exceeds the value specified by authen-packets, the DHCPv6 user enters the suppression state.

    When a user is in the suppression state, the user's packets are discarded regardless of whether the user is online.

Example

# Limit the number of connection requests from a DHCPv6 user, with request-packets, check-period, and restrain-period set to 1000, 60s, and 120s respectively.
<HUAWEI> system-view
[~HUAWEI] dhcpv6 connection chasten request-packets 1000 check-period 60 restrain-period 120
Parent Topic: DHCP IPOE Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >