Table of Contents
Advertisement
The administrator can configure the rate and burst interval. Rate limiting is
configured independently on each physical interface and may be enabled on
both trusted and untrusted interfaces. The rate limit is configurable in the
range of 0-300 packets per second and the burst interval in the range of 1-15
seconds.
ipv6 dhcp snooping log-invalid
Use the ipv6 dhcp snooping log-invalid command to configure the port to
log invalid received DHCP messages.
Syntax
ipv6 dhcp snooping log-invalid
no ipv6 dhcp snooping log-invalid
Default Configuration
By default, invalid DHCP messages are not logged.
Command Modes
Interface Configuration mode
User Guidelines
An invalid DHCP message is one that is received on an untrusted interface
that is not a member of the VLAN over which the IP address (and optionally
the MAC address) has been learned. Receiving large number of invalid
messages may be an indication of an attack.
Logging invalid messages can use valuable CPU resources if the switch
receives such messages at a high rate. To avoid allowing the switch to be
vulnerable to a DoS attack, DHCP snooping only logs invalid messages if the
user has enabled logging. Logging is enabled on individual interfaces so that
only messages on interfaces of interest are logged. To further protect the
system, invalid message logging is rate limited to 1 per second.
359
Layer 2 Switching Commands
Advertisement
Table of Contents
