DHCP Anti-Attack
Normally, when a DHCP client obtains an IP address from the DHCP server, the client sends only a small number of DHCP packets, which does not affect the performance of the DHCP server. However, an attacker can make a DHCP client flood the DHCP server with DHCP packets, which degrades the server's performance. To prevent this, you can enable DHCP monitoring on a device.
You can configure a DHCP rate threshold to monitor the DHCP packets reaching a device. If the packet rate is equal to or higher than the threshold, the packets are treated as an attack and discarded. The default rate threshold is 16 pps.
When an attack is detected, the source MAC address of the attack packet is recorded in the address table. Each entry in the address table has an aging time. While the entry exists, packets with the same source MAC address are dropped; when the aging time expires, the entry for that source MAC address is deleted. The default aging time is 10 minutes, and you can modify it. Configuring an aging time of 0 prevents the table entry from being deleted.
By default, all ports are treated as untrusted after an attack. You can configure a port that is trustworthy and does not require monitoring as a trusted port.
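The behaviour described above (rate threshold, address table with aging, aging time 0, trusted ports) can be simulated to see how the three settings interact. The following is an added example written for this page, not vendor code and not the device's actual implementation. It assumes the rate is counted per source MAC address over a sliding one-second window, that a MAC is dropped until its entry ages out, and that trusted ports bypass monitoring entirely; the port numbers, MAC addresses and timestamps are constructed.

```python
"""Simulation of DHCP anti-attack monitoring (constructed example, not vendor code).

Assumptions not stated on the page: the packet rate is measured per source MAC
address over a sliding one-second window, and a detected MAC stays blocked
until its address-table entry ages out.
"""
from collections import defaultdict, deque

DEFAULT_THRESHOLD_PPS = 16       # default rate threshold (16 pps)
DEFAULT_AGING_SECONDS = 10 * 60  # default aging time: 10 minutes
NEVER_EXPIRE = 0                 # aging time 0: the entry is never deleted


class DhcpAntiAttack:
    def __init__(self, threshold_pps=DEFAULT_THRESHOLD_PPS,
                 aging_seconds=DEFAULT_AGING_SECONDS, trusted_ports=()):
        self.threshold = threshold_pps
        self.aging = aging_seconds
        self.trusted_ports = set(trusted_ports)
        # Per-MAC timestamps of DHCP packets seen within the last second.
        self._window = defaultdict(deque)
        # Address table: source MAC -> time the entry was created.
        self.attack_table = {}

    def _age_out(self, now):
        """Delete entries whose aging time has expired (never when aging is 0)."""
        if self.aging == NEVER_EXPIRE:
            return
        expired = [mac for mac, created in self.attack_table.items()
                   if now - created >= self.aging]
        for mac in expired:
            del self.attack_table[mac]

    def process(self, port, src_mac, now):
        """Return 'forward' or 'drop' for one DHCP packet seen at time `now`."""
        if port in self.trusted_ports:
            return "forward"            # trusted ports are not monitored
        self._age_out(now)
        if src_mac in self.attack_table:
            return "drop"               # still within the aging time
        window = self._window[src_mac]
        window.append(now)
        while window and now - window[0] >= 1.0:
            window.popleft()            # keep only the last second
        if len(window) >= self.threshold:
            # Rate reached the threshold: record the MAC and discard.
            self.attack_table[src_mac] = now
            window.clear()
            return "drop"
        return "forward"


def simulate(packets, **settings):
    """Run constructed packets [(time, port, src_mac)] through one monitor."""
    monitor = DhcpAntiAttack(**settings)
    return [monitor.process(port, mac, t) for t, port, mac in packets]


# Constructed traffic: a normal client and a flooding client.
NORMAL_MAC = "00:00:5e:00:53:01"
FLOOD_MAC = "00:00:5e:00:53:ff"
NORMAL_TRAFFIC = [(0.1 * i, 1, NORMAL_MAC) for i in range(4)]
FLOOD_TRAFFIC = [(0.05 * i, 2, FLOOD_MAC) for i in range(20)]   # 20 pkts in 1 s
LATE_TRAFFIC = [(300.0, 2, FLOOD_MAC), (601.0, 2, FLOOD_MAC)]   # inside / after aging

if __name__ == "__main__":
    print("normal client:", simulate(NORMAL_TRAFFIC))
    print("flood, default aging:", simulate(FLOOD_TRAFFIC + LATE_TRAFFIC)[-7:])
    print("flood, aging 0:", simulate(FLOOD_TRAFFIC + LATE_TRAFFIC, aging_seconds=0)[-2:])
    print("flood on trusted port:",
          simulate([(t, 3, m) for t, _, m in FLOOD_TRAFFIC], trusted_ports=[3])[:3])
```

With the defaults, the flooding MAC is forwarded 15 times, blocked from the 16th packet in the same second, still blocked at 300 s, and allowed again at 601 s once the 10-minute entry has aged out; with an aging time of 0 the same MAC is still dropped at 601 s, and the same flood on a trusted port is never examined.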