5-15 DHCP Packet Rate Limit ConfigurationWhen configuring the DHCP packet rate limit function, go to these sections for information you areinterested in:z Introduction to DHCP Packet Rate Limitz Configuring DHCP Packet Rate Limitz Rate Limit Configuration ExampleIntroduction to DHCP Packet Rate LimitTo prevent ARP attacks and attacks from unauthorized DHCP servers, ARP packets and DHCPpackets will be processed by the switch CPU for validity checking. But, if attackers generate a largenumber of ARP packets or DHCP packets, the switch CPU will be under extremely heavy load. As aresult, the switch cannot work normally and even goes down.S5600 series Ethernet switches support ARP and DHCP packet rate limit on a port and shut down theport under attack to prevent hazardous impact on the device CPU. For details about ARP packet ratelimit, refer to ARP Operation in this manual. The following describes only the DHCP packet rate limitfunction.After DHCP packet rate limit is enabled on an Ethernet port, the switch counts the number of DHCPpackets received on this port per second. If the number of DHCP packets received per second exceedsthe specified value, packets are passing the port at an over-high rate, which implies an attack to the port.In this case, the switch shuts down this port so that it cannot receive any packet, thus protect the switchfrom attacks.In addition, the switch supports port state auto-recovery. After a port is shut down due to over-highpacket rate, it resumes automatically after a configurable period of time.When both port state auto-recovery interval for over-high ARP packet rate and port state auto-recoveryinterval for over-high DHCP packet rate are configured on a port, the shorter one will be theauto-recovery time.Configuring DHCP Packet Rate LimitConfiguring DHCP Packet Rate LimitFollow these steps to configure rate limit of DHCP packets:To do… Use the command… RemarksEnter system view system-view —