Planet Networking & Communication SGS-6340-24T4S Command Manual page 620

35.8 ip dhcp snooping action
Command:
ip dhcp snooping action {shutdown | blackhole} [recovery <second>]
no ip dhcp snooping action
Function:
Set or delete the automatic defense action of a port.
Parameters:
shutdown: When the port detects a fake DHCP Server, it will be shutdown.
blackhole: When the port detects a fake DHCP Server, the vid and source MAC of the fake packet will be used to
block the traffic from this MAC.
recovery: Users can set to recover after the automatic defense action being executed.(no shut ports or delete
corresponding blackhole）.
second: Users can set how long after the execution of defense action to recover. The unit is second, and valid range
is 10-3600.
Command Mode:
Port mode
Default Settings:
No default defense action.
Usage Guide:
Only when DHCP Snooping is globally enabled, can this command be set. Trusted port will not detect fake DHCP
Server, so, will never trigger the corresponding defense action. When a port turns into a trusted port from a
non-trusted port, the original defense action of the port will be automatically deleted.
Example:
Set the DHCP Snooping defense action of port ethernet1/1 as setting blackhole, and the recovery time is 30
seconds.
switch(config)#interface ethernet 1/1
switch(Config-Ethernet1/1)#ip dhcp snooping action blackhole recovery 30
35-68