Reasons why the DHCP address pool is exhausted on S series switches

If the address pool is exhausted even though its resources far exceed the number of clients connected to the switch, one of the following causes may be responsible:
- An attacker sends a large number of DHCP Discover messages while continuously changing the CHADDR field. As a result, the address pool resources are exhausted. In this case, DHCP snooping can be deployed.
- The DHCP server is configured with the DHCP server ping function. With this function, the switch attempts to ping the address to be allocated before sending the DHCP Offer message. If clients on the network respond to the ping packets, the DHCP server may incorrectly determine that address conflicts exist. As a result, the address pool resources are exhausted. There are two solutions:
   1. Obtain the packet header through port mirroring on the DHCP server and check whether the determination is correct. If so, the client can be disabled.
   2. Disable the DHCP server ping function by using the undo dhcp server ping packet command.
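
The first cause can be confirmed from a mirrored capture: when only the CHADDR field is varied, one access port shows many distinct CHADDR values that no longer match the frame's source MAC. The Python example below is added here and is not from the original article or the vendor; the port labels, MAC addresses and per-port threshold are assumptions, and the frames are constructed inline as sample data.

```python
import struct
from collections import defaultdict

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie preceding the options

def build_discover(src_mac, chaddr, xid):
    """Build a minimal Ethernet/IPv4/UDP DHCP Discover (constructed sample data)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s192s", 1, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr, b"")
    bootp += MAGIC + bytes([53, 1, 1, 255])  # option 53 = 1 (Discover), then End
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp

def parse_discover(frame):
    """Return (ethernet_src, chaddr) if frame is a DHCP Discover, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4            # honour the IPv4 header length
    bootp = frame[udp + 8:]
    if (len(bootp) < 241 or frame[udp + 2:udp + 4] != b"\x00\x43"
            or bootp[0] != 1 or bootp[236:240] != MAGIC):
        return None
    opts, i, msg_type = bootp[240:], 0, None
    while i + 1 < len(opts) and opts[i] != 255:  # walk TLV options until End
        if opts[i] == 0:                         # Pad option has no length byte
            i += 1
            continue
        if opts[i] == 53 and i + 2 < len(opts):
            msg_type = opts[i + 2]
        i += 2 + opts[i + 1]
    return (frame[6:12], bootp[28:28 + min(bootp[2], 16)]) if msg_type == 1 else None

def analyse(captures, max_chaddr_per_port=3):
    """captures: (port, frame) pairs -> (CHADDR/source-MAC mismatches, flooding ports)."""
    seen, mismatches = defaultdict(set), []
    for port, frame in captures:
        parsed = parse_discover(frame)
        if parsed:
            seen[port].add(parsed[1])
            if parsed[0] != parsed[1]:
                mismatches.append((port, parsed[0].hex(":"), parsed[1].hex(":")))
    return mismatches, sorted(p for p, s in seen.items() if len(s) > max_chaddr_per_port)

# Constructed capture: (ingress port label, frame); port names and MACs are made up.
HOST_A, HOST_B = bytes.fromhex("00e0fc000001"), bytes.fromhex("00e0fc000002")
SAMPLE = [("GE0/0/1", build_discover(HOST_A, HOST_A, 1))] + [
    ("GE0/0/2", build_discover(HOST_B, bytes([2, 0, 0, 0, 0, n]), 100 + n)) for n in range(5)]
print(analyse(SAMPLE))
```

A port that appears in the second result is the one to inspect first when deciding where DHCP snooping needs to be enabled.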
