•
Attempts to exhaust system resources so that sufficient resources are
not available to transmit legitimate traffic, indicated by an unusually
high use of specific system resources
•
Attempts to attack the switch's CPU and introduce delay in system
response time to new network events
•
Attempts by hackers to access the switch, indicated by an excessive
number of failed logins or port authentication failures
•
Attempts to deny switch service by filling the forwarding table, indi
cated by an increased number of learned MAC addresses or a high
number of MAC address moves from one port to another
•
Attempts to exhaust available CPU resources, indicated by an
increased number of learned MAC address events being discarded
DHCP Snooping
Command
dhcp-snooping
authorized-server
database
option
trust
verify
vlan
show dhcp-snooping
show dhcp-snooping stats
dhcp-snooping binding
debug dhcp-snooping
Overview
You can use DHCP snooping to help avoid the Denial of Service attacks that
result from unauthorized users adding a DHCP server to the network that then
provides invalid configuration data to other DHCP clients on the network.
Configuring Advanced Threat Protection
DHCP Snooping
Page
page 10-4
page 10-8
page 10-11
page 10-8
page 10-7
page 10-10
page 10-6
page 10-5
page 10-5
page 10-12
page 10-12
10-3