139Step Command Remarks1. Enter system view. system-view N/A2. Enable periodic refresh ofdynamic relay entries.dhcp relay client-information refreshenableBy default, periodic refreshof dynamic relay entries isenabled.3. Set the refresh interval. dhcp relay client-information refresh[ auto | interval interval ]By default, the refreshinterval is auto, which iscalculated based on thenumber of total relay entries.Configuring DHCP flood attack protectionAbout DHCP flood attack protectionThe DHCP flood attack protection enables the DHCP relay agent to detect DHCP flood attacksaccording to the DHCP packet rate threshold on a per-MAC basis.When the DHCP relay agent receives a DHCP packet from a client (MAC address), it creates aDHCP flood attack entry in check state. If the number of DHCP packets from the same MAC addressreaches the upper limit in the detection duration, the relay agent determines that the client islaunching a DHCP flood attack. The DHCP flood attack entry changes to the restrain state, and theDHCP relay agent discards the DHCP packets from that client. When the aging time of the entry isreached, the DHCP relay agent deletes the entry. If a DHCP packet from the MAC address arriveslater, the DHCP relay agent will create a flood attack entry and count the number of incoming DHCPpackets for that client again.ProcedureTo configure DHCP flood attack protection:Step Command Remarks1. Enter system view. system-view N/A2. (Optional) Set the DHCPpacket rate threshold forDHCP flood attack detection.dhcp flood-protectionthreshold packet-numbermillisecondsBy default, the device allows amaximum of 6 DHCP packets per5000 milliseconds from eachDHCP client.3. (Optional) Set the DHCPflood attack entry aging time.dhcp flood-protectionaging-time timeThe default setting is 300seconds.4. Enter interface view. interface interface-typeinterface-number N/A5. Enable DHCP flood attackprotection. dhcp flood-protection enable By default, DHCP flood attackprotection is disabled.Enabling DHCP starvation attack protectionA DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests usingdifferent MAC addresses in the chaddr field to a DHCP server. This exhausts the IP addressresources of the DHCP server so legitimate DHCP clients cannot obtain IP addresses. The DHCPserver might also fail to work because of exhaustion of system resources. The following methods areavailable to relieve or prevent such attacks.• To relieve a DHCP starvation attack that uses DHCP packets encapsulated with differentsource MAC addresses, you can use one of the following methods: