Table of Contents
Advertisement
Configuring Security
Configuring DHCP Snooping
STEP 3
Configuring DHCP Snooping
NOTE
Cisco 220 Series Smart Plus Switches Administration Guide Release 1.0.0.x
Report
-
—Generates a SYSLOG message.The status of the port is
changed to Attacked when the threshold is passed.
Block and Report
-
packets destined for the system are dropped and the status of the port is
changed to Blocked.
•
SYN Protection Threshold—Enter the number of SYN packets per second
before SYN packets will be blocked (deny SYN with MAC-to-me rule will be
applied on the port).
•
SYN Protection Period—Enter the time in seconds before unblocking the
SYN packets (the deny SYN with MAC-to-me rule is unbound from the port).
Click Apply. The SYN Protection global settings are defined, and the Running
Configuration is updated.
DHCP Snooping provides network security by filtering untrusted DHCP messages
and by building and by maintaining a DHCP Snooping binding database (table).
DHCP Snooping acts as a firewall between untrusted hosts and DHCP servers.
DHCP Snooping differentiates between untrusted interfaces connected to the end
user and trusted interfaces connected to the DHCP server or another switch.
DHCP Snooping is applicable only for the switch models with the country of
destination (-CN).
This section includes the following topics:
•
Configuring DHCP Snooping Properties
•
Configuring DHCP Snooping on VLANs
•
Configuring DHCP Snooping Trusted Interfaces
•
Querying DHCP Snooping Binding Database
•
Viewing Option 82 Statistics
•
Configuring Option 82 Interface Settings
•
Configuring Option 82 Port CID Settings
—When a TCP SYN attack is identified, TCP SYN
16
209
Advertisement
Table of Contents
