Operation Manual – DHCPH3C S5600 Series Ethernet Switches Chapter 5 DHCP Packet Rate Limit Configuration5-1Chapter 5 DHCP Packet Rate Limit ConfigurationWhen configuring the DHCP packet rate limit function, go to these sections forinformation you are interested in:z Introduction to DHCP Packet Rate Limitz Configuring DHCP Packet Rate Limitz Rate Limit Configuration Example5.1 Introduction to DHCP Packet Rate LimitTo prevent ARP attacks and attacks from unauthorized DHCP servers, ARP packetsand DHCP packets will be processed by the switch CPU for validity checking. But, ifattackers generate a large number of ARP packets or DHCP packets, the switch CPUwill be under extremely heavy load. As a result, the switch cannot work normally andeven goes down.S5600 series Ethernet switches support ARP and DHCP packet rate limit on a port andshut down the port under attack to prevent hazardous impact on the device CPU. Fordetails about ARP packet rate limit, refer to ARP Operation in this manual. Thefollowing describes only the DHCP packet rate limit function.After DHCP packet rate limit is enabled on an Ethernet port, the switch counts thenumber of DHCP packets received on this port per second. If the number of DHCPpackets received per second exceeds the specified value, packets are passing the portat an over-high rate, which implies an attack to the port. In this case, the switch shutsdown this port so that it cannot receive any packet, thus protect the switch from attacks.In addition, the switch supports port state auto-recovery. After a port is shut down due toover-high packet rate, it resumes automatically after a configurable period of time.Note:When both port state auto-recovery interval for over-high ARP packet rate and portstate auto-recovery interval for over-high DHCP packet rate are configured on a port,the shorter one will be the auto-recovery time.5.2 Configuring DHCP Packet Rate Limit5.2.1 Configuring DHCP Packet Rate LimitFollow these steps to configure rate limit of DHCP packets: