Table of Contents
Advertisement
ip dhcp snooping limit
Use the ip dhcp snooping limit command to diagnostically disable itself if
the rate of received DHCP messages exceeds the configured limit. Use the no
shutdown command to re-enable the interface. Use the no form of this
command to disable automatic shutdown of the interface.
Syntax
ip dhcp snooping limit {rate rate [burst interval seconds]}
no ip dhcp snooping limit
•
rate— The maximum number of packets per second allowed (Range: 0–
300 pps).
•
seconds — Interval over which to measure a burst of packets. (Range: 1–15
seconds).
Default Configuration
By default, DCHP messages do not cause an interface to be disabled.
Command Mode
Interface Configuration (gigabitethernet, port-channel, tengigabitethernet,
fortygigabitethernet) mode
User Guidelines
This command is available in Ethernet interface configuration mode or port
channel interface configuration mode. The switch hardware rate limits
DHCP packets sent to the CPU from snooping enabled interfaces to 512
Kbps.
To prevent DHCP packets from being used in a DoS attack when DHCP
snooping is enabled; the snooping application allows configuration of rate
limiting for received DHCP packets. DHCP snooping monitors the receive
rate on each interface separately. If the receive rate exceeds the configured
limit within the configured interval, DHCP snooping shuts down the
interface. The administrator must perform the "no shutdown" command on
the affected interface to re-enable the interface.
Layer 2 Switching Commands
343
Advertisement
Table of Contents
