Manualsbrain.com
  1. Manuels
  2. Marques
  3. 3com
  4. WX3000
  5. Manuel D’Utilisation

3com WX3000 Manuel D’Utilisation

Télécharger
Page de 715
 
3-5 
The resources on the server are exhausted, so the server does not respond to other requests.  
After receiving such type of packets, a device needs to send them to the CPU for processing. Too 
many request packets cause high CPU usage rate. As a result, the CPU cannot work normally.  
The device can filter invalid IP packets through the DHCP-snooping table and IP static binding table.  
DHCP-snooping table 
After DHCP snooping is enabled on a device, a DHCP-snooping table is generated. It is used to record 
IP addresses obtained from the DHCP server, MAC addresses, the number of the port through which a 
client is connected to the DHCP-snooping-enabled device, and the number of the VLAN to which the 
port belongs to. These records are saved as entries in the DHCP-snooping table.  
IP static binding table 
The DHCP-snooping table only records information about clients that obtains IP address dynamically 
through DHCP. If a fixed IP address is configured for a client, the IP address and MAC address of the 
client cannot be recorded in the DHCP-snooping table. Consequently, this client cannot pass the IP 
filtering of the DHCP-snooping table, thus it cannot access external networks. 
To solve this problem, the device supports the configuration of static binding table entries, that is, the 
binding relationship between IP address, MAC address, and the port connecting to the client, so that 
packets of the client can be correctly forwarded.  
IP filtering 
The device can filter IP packets in the following two modes:  
Filtering the source IP address in a packet. If the source IP address and the number of the port that 
receives the packet are consistent with entries in the DHCP-snooping table or static binding table, 
the device regards the packet as a valid packet and forwards it; otherwise, the device drops it 
directly.  
Filtering the source IP address and the source MAC address in a packet. If the source IP address 
and source MAC address in the packet, and the number of the port that receives the packet are 
consistent with entries in the DHCP-snooping table or static binding table, the device regards the 
packet as a valid packet and forwards it; otherwise, the device drops it directly.  
DHCP Snooping Configuration 
Configuring DHCP Snooping 
Follow these steps to configure DHCP snooping: 
To do… 
Use the command… 
Remarks 
Enter system view 
system-view 
— 
Enable DHCP snooping  
dhcp-snooping 
Required 
By default, the DHCP snooping 
function is disabled. 
Enter Ethernet port view 
interface interface-type 
interface-number 
—