72
XS712T Smart Switch
• To configure a group of interfaces, select the check boxes for the individual interfaces
that you want to configure.
• To configure all interfaces, select the check box at the left in the table heading.
4. From the Trust Mode list, select the desired trust mode.
• Disabled. The interface is considered to be untrusted and could potentially be used to
launch a network attack. DHCP server messages are checked against the bindings
database. On untrusted ports, DHCP snooping enforces the following security rules:
• DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK,
DHCPRELEASEQUERY) are dropped.
• DHCPRELEASE and DHCPDECLINE messages are dropped if the MAC address
is in the snooping database but the binding's interface is other than the interface
where the message was received.
• DHCP packets are dropped when the source MAC address does not match the
client hardware address if MAC Address Validation is globally enabled.
• Enabled. The interface is considered to be trusted and forwards DHCP server
messages without validation.
5. From the Logging Invalid Packets list, select the packet logging mode.
When enabled, the DHCP snooping feature generates a log message when an invalid
packet is received and dropped by the interface.
6. Next to Rate Limit (pps), specify the rate limit value for DHCP Snooping purpose.
If the incoming rate of DHCP packets exceeds the value of this object for consecutively
burst interval seconds, the port will be shutdown. If this value is N/A, then burst interval
has no meaning, and rate limiting is disabled.
7. Next to Burst Interval (secs), specify the burst interval value for rate limiting purpose on this
interface.
If the rate limit is N/A, then the burst interval has no meaning and it is N/A.
8. Click Apply.