An attacker keeps sending DHCP request packets for extending the IP address lease to prevent expired IP addresses from being reclaimed. You can configure the device to match received request packets against the binding table to defend against bogus packets for extending the IP address lease.
An attacker sends a large number of DHCP request packets carrying incorrect source MAC address, source IP address, VLAN ID, or interface information to attack the DHCP server.
Configure an interface to check DHCP request packets for extending the IP address lease.
<HUAWEI> system-view [~HUAWEI] interface gigabitethernet0/1/0 [~HUAWEI-Gigabitethernet0/1/0] dhcp snooping checkdhcp-request enable [*HUAWEI-Gigabitethernet0/1/0] commit
Note that configuring CHARDDR check affects user access.