2-229
Cisco Broadband Cable Command Reference Guide
OL-1581-08
Chapter 2 Cisco CMTS Configuration Commands
cable source-verify leasequery-filter upstream
cable source-verify leasequery-filter upstream
To control the number of Dynamic Host Configuration Protocol (DHCP) LEASEQUERY request
messages that are sent for unknown IP addresses per each service ID (SID) on an upstream, use the
cable
source-verify leasequery-filter upstream
command in cable interface configuration mode. To disable
the filtering of DHCP lease queries, use the
no
form of this command.
cable source-verify leasequery-filter upstream
threshold interval
no cable source-verify leasequery-filter upstream
Syntax Description
Defaults
Filtering of DHCP lease queries is disabled.
Command Modes
Interface configuration (cable interface only)
Command History
Usage Guidelines
When the
cable source-verify dhcp
and
no cable arp
commands are configured on a cable interface,
the Cisco Cable Modem Termination System (CMTS) router sends a DHCP LEASEQUERY request to
the DHCP server to verify unknown IP addresses that are found in packets to and from customer
premises equipment (CPE) devices that are using the cable modems on the cable interface. The DHCP
server returns a DHCP ACK message with the MAC address of the CPE device that has been assigned
this IP address, if any. The router can then verify that this CPE device is authorized to use this IP address,
which prevents users from assigning unauthorized IP addresses to their CPE devices.
Problems can occur, though, when viruses, denial of service (DoS) attacks, and theft-of-service attacks
scan ranges of IP addresses, in an attempt to find unused addresses. This type of activity can generate a
large volume of DHCP LEASEQUERY requests, which can result in high CPU utilization and a lack of
available bandwidth for other customers.
To prevent such a large volume of LEASEQUERY requests on the upstreams on a cable interface, use
the
cable source-verify leasequery-filter upstream
command. After configuring this command, the
Cisco CMTS allows only a certain number of DHCP LEASEQUERY requests in the upstream direction
within each interval time period.
For example, the
cable source-verify leasequery-filter upstream 5 5
command configures the router
so that it allows a maximum of 5 DHCP LEASEQUERY requests every 5 seconds for each SID on the
upstream direction. This command applies to all upstreams on the cable interface.
threshold
Maximum number of DHCP lease queries allowed per SID for each
interval
period. The valid range is 0 to 20 lease queries.
interval
Time period, in seconds, over which lease queries should be monitored. The
valid range is 1 to 5 seconds.
Release
Modification
12.2(15)BC1d,
12.2(15)BC2b
This command was introduced for the Cisco uBR7100 series,
Cisco uBR7246VXR, and Cisco uBR10012 universal broadband routers.