Cisco SR2016T-NA Reference Manual page 241

Chapter 2 Cisco CMTS Configuration Commands
cable source-verify leasequery-filter upstream
To control the number of Dynamic Host Configuration Protocol (DHCP) LEASEQUERY request
messages that are sent for unknown IP addresses per each service ID (SID) on an upstream, use the cable
source-verify leasequery-filter upstream command in cable interface configuration mode. To disable
the filtering of DHCP lease queries, use the no form of this command.
Syntax Description threshold
interval
Defaults Filtering of DHCP lease queries is disabled.
Command Modes
Interface configuration (cable interface only)
Command History Release
12.2(15)BC1d,
12.2(15)BC2b
Usage Guidelines
When the cable source-verify dhcp and no cable arp commands are configured on a cable interface,
the Cisco Cable Modem Termination System (CMTS) router sends a DHCP LEASEQUERY request to
the DHCP server to verify unknown IP addresses that are found in packets to and from customer
premises equipment (CPE) devices that are using the cable modems on the cable interface. The DHCP
server returns a DHCP ACK message with the MAC address of the CPE device that has been assigned
this IP address, if any. The router can then verify that this CPE device is authorized to use this IP address,
which prevents users from assigning unauthorized IP addresses to their CPE devices.
Problems can occur, though, when viruses, denial of service (DoS) attacks, and theft-of-service attacks
scan ranges of IP addresses, in an attempt to find unused addresses. This type of activity can generate a
large volume of DHCP LEASEQUERY requests, which can result in high CPU utilization and a lack of
available bandwidth for other customers.
To prevent such a large volume of LEASEQUERY requests on the upstreams on a cable interface, use
the cable source-verify leasequery-filter upstream command. After configuring this command, the
Cisco CMTS allows only a certain number of DHCP LEASEQUERY requests in the upstream direction
within each interval time period.
For example, the cable source-verify leasequery-filter upstream 5 5 command configures the router
so that it allows a maximum of 5 DHCP LEASEQUERY requests every 5 seconds for each SID on the
upstream direction. This command applies to all upstreams on the cable interface.
OL-1581-08
cable source-verify leasequery-filter upstream threshold interval
no cable source-verify leasequery-filter upstream
Maximum number of DHCP lease queries allowed per SID for each interval
period. The valid range is 0 to 20 lease queries.
Time period, in seconds, over which lease queries should be monitored. The
valid range is 1 to 5 seconds.
Modification
This command was introduced for the Cisco uBR7100 series,
Cisco uBR7246VXR, and Cisco uBR10012 universal broadband routers.
cable source-verify leasequery-filter upstream
Cisco Broadband Cable Command Reference Guide
2-229