ALM-3276800476 The number of the discarded DHCP request packets that do not match the binding table exceeds the threshold on the interface

Description

DHCP/1/REQUESTTRAP:OID [OID] The number of the discarded DHCP request packets that do not match the binding table exceeds the threshold on the interface. (IfIndex=[INTEGER], VlanIndex=[INTEGER], Interface=[OCTET], VlanID=[INTEGER], BdID=[INTEGER], DiscardedNumber=[INTEGER])

The number of DHCP Request packets discarded on the interface because they do not match the binding table exceeded the threshold.

Attribute

Parameters

Impact on the System

Invalid DHCP packets are discarded.

Possible Causes

DHCP attacks occurred.

Procedure

1. Run the display dhcp snooping user-bind command to check DHCP snooping binding entries on the interface to determine users' IP addresses and MAC addresses.

2. Configure port mirroring to obtain DHCP packets received by the interface. Check users' IP addresses and MAC addresses in DHCP Request packets that do not match the binding table.

   • If a user connected to the interface sends a large number of DHCP Request packets that do not match the binding table, the user is an unauthorized user and the DHCP Request packets are attack packets. The device discards the attack packets. Check the attack source based on the user's IP address or MAC address.

   • If users connected to the interface do not send a large number of DHCP Request packets that do not match the binding table, DHCP packets sent by the users are not attack packets. To ensure that the users pass the check, cancel the dhcp snooping check dhcp-request enable command configuration on the interface.

Related Information

None