Configuring Advanced Threat Protection

DHCP Snooping

Attempts to exhaust system resources so that sufficient resources are not available to transmit legitimate traffic, indicated by an unusually high use of specific system resources

Attempts to attack the switch’s CPU and introduce delay in system response time to new network events

Attempts by hackers to access the switch, indicated by an excessive number of failed logins or port authentication failures

Attempts to deny switch service by filling the forwarding table, indi- cated by an increased number of learned MAC addresses or a high number of MAC address moves from one port to another

Attempts to exhaust available CPU resources, indicated by an increased number of learned MAC address events being discarded

DHCP Snooping

Command

Page

 

 

dhcp-snooping

page 8-5

authorized-server

page 8-9

database

page 8-12

option

page 8-9

trust

page 8-8

verify

page 8-11

vlan

page 8-7

show dhcp-snooping

page 8-6

show dhcp-snooping stats

page 8-6

dhcp-snooping binding

page 8-13

debug dhcp-snooping

page 8-13

 

 

Overview

You can use DHCP snooping to help avoid the Denial of Service attacks that result from unauthorized users adding a DHCP server to the network that then provides invalid configuration data to other DHCP clients on the network.

8-4