Cisco Catalyst 4500 Series Software Configuration Manual page 1596
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Configuring DHCP Snooping
To prevent the port from shutting down, you can use the errdisable detect cause dhcp-rate-limit action
shutdown vlan global configuration command to shut down just the offending VLAN on the port where
the violation occurred.
To limit the rate of incoming DHCP packets, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# errdisable detect
cause dhcp-rate-limit
]
shutdown vlan
Step 3
Switch(config)# interface
interface-id
Step 4
Switch(config-if)# [no] ip dhcp
snooping limit rate
Step 5
Switch(config-if)# exit
Step 6
Switch(config)# errdisable recovery
{
cause dhcp-rate-limit |
interval interval}
Step 7
Switch(config)# exit
Step 8
Switch# show interfaces status
Step 9
Switch# show errdisable recovery
Step 10
Switch# copy running-config
startup-config
To return to the default rate-limit configuration, use the no ip dhcp-rate-limit interface configuration
command. To disable error recovery for DHCP inspection, use the no errdisable recovery cause
dhcp-rate-limit global configuration command.
This example shows how to set an upper limit for the number of incoming packets (100 pps) and to
specify a burst interval (1 second):
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# interface g3/31
Switch(config-if)# ip dhcp-rate-limit rate 100 burst interval 1
Switch(config-if)# exit
Switch(config)# errdisable recovery cause dhcp-rate-limit
Switch(config)# exit
Switch# show interfaces status
Port
Te1/1
Te1/2
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
60-14
Chapter 60
Purpose
Enters global configuration mode.
Enables per-VLAN errdisable detection.
[
action
Specifies the interface to be rate-limited, and enter interface
configuration mode.
Limits the rate of incoming DHCP requests and responses on the
interface.
The default rate is disabled.
Returns to global configuration mode.
(Optional) Enables error recovery from the DHCP errdisable state.
By default, recovery is disabled, and the recovery interval is 300
seconds.
For interval interval, specify the time in seconds to recover from the
errdisable state. The range is 30 to 86400.
Returns to privileged EXEC mode.
Verifies your settings.
Verifies your settings.
(Optional) Saves your entries in the configuration file.
Name
Status
connected
connected
Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
End with CNTL/Z.
Vlan
Duplex Speed Type
1
full
10G
vl-err-dis full
10G
10GBase-LR
10GBase-LR
Advertisement
Chapters
Table of Contents
Troubleshooting
