Setting the Maximum Number of DHCP Clients

The maximum number of Dynamic Host Configuration Protocol (DHCP) clients that log in from an interface can be specified.

Usage Scenario

After the number of login clients reaches the maximum number, no client can obtain IP address. To prevent malicious IP address application, configure the maximum number of DHCP clients.

When the number of login users on a DHCP snooping device reaches the maximum number, check whether the IP address of DHCP ACK packets exists in the binding entries and determine whether the login users are new ones. In this case, you can configure the MAC address strict check function. DHCP snooping can determine whether the users are new ones by checking the MAC addresses of the DHCP Discover packets sent by them. If the MAC address of a user does not exist in DHCP snooping binding entries, the user is not allowed to go online, and packets are not sent to the DHCP server. In this manner, the DHCP server is not affected by unauthorized users.

Pre-configuration Tasks

Before you set the maximum number of DHCP clients, configure DHCP snooping and trusted interfaces.

Procedure

Configure the maximum number of DHCP clients for a VLAN.
1. Run system-view
  The system view is displayed.
2. (Optional) Run dhcp snooping strict-check mac-address
  DHCP snooping is enabled to strictly check the MAC addresses of login users.
3. Run vlan vlan-id
  The VLAN view is displayed.
4. Run dhcp snooping max-user-number max-user-number [ interface interface-type interface-number ]
  The maximum number of DHCP clients is configured for the VLAN.
5. (Optional) Run dhcp snooping alarm user-limit enable [ interface interface-type interface-number ]
  The alarm function for discarded DHCP packets because the maximum number of DHCP clients is reached is enabled for the VLAN.
6. (Optional) Run dhcp snooping alarm user-limit threshold threshold [ interface interface-type interface-number ]
  The maximum number of DHCP clients is configured for the VLAN.
7. Run commit
  The configuration is committed.
Configure the maximum number of DHCP clients for an interface.
1. Run system-view
  The system view is displayed.
2. (Optional) Run dhcp snooping strict-check mac-address
  DHCP snooping is enabled to strictly check the MAC addresses of login users.
3. Run interface interface-type interface-number
  The interface view is displayed.
4. Run dhcp snooping max-user-number max-user-number
  The maximum number of DHCP clients is configured for the interface.
5. (Optional) Run dhcp snooping alarm user-limit enable
  The alarm function for discarded DHCP packets because the maximum number of DHCP clients is reached is enabled for the interface.
6. (Optional) Run dhcp snooping alarm user-limit threshold threshold-value
  The maximum number of DHCP clients is configured for the interface.
7. Run commit
  The configuration is committed.
Configure the maximum number of DHCP clients for a BD.
1. Run system-view
  The system view is displayed.
2. Run bridge-domain bd-id
  The BD view is displayed.
3. Run dhcp snooping max-user-number max-user-number
  The maximum number of DHCP clients is configured for the BD.
4. Run commit
  The configuration is committed.

Result

Run the display dhcp snooping { interface interface-type interface-number | vlan vlan-id [ interface interface-type interface-number ] | bridge-domain bd-id } command to check the maximum number of DHCP clients.