To identify DHCP packets from unauthorized DHCP servers, DHCP snooping delivers all incoming
•
DHCP packets to the CPU. If a malicious user sends a large number of DHCP requests to the DHCP
snooping device, the CPU of the device will be overloaded, and the device may even crash. To
solve this problem, you can configure DHCP packet rate limit on relevant interfaces.
Configuration procedure
Follow these steps to configure DHCP packet rate limit:
To do...
Enter system view
Enter Layer 2 Ethernet port
view or Layer 2 aggregate
interface view
Configure the maximum rate
of incoming DHCP packets
Displaying and maintaining DHCP snooping
To do...
Display DHCP snooping entries
Display Option 82 configuration
information on the DHCP snooping
device
Display DHCP packet statistics on the
DHCP snooping device (in standalone
mode)
Display DHCP packet statistics on the
DHCP snooping device (in IRF mode)
Display information about trusted ports
Display the DHCP snooping entry file
information
Clear DHCP snooping entries
Clear DHCP packet statistics on the
DHCP snooping device (in standalone
mode)
Clear DHCP packet statistics on the
DHCP snooping device (in IRF mode)
Use the command...
system-view
interface interface-type
interface-number
dhcp-snooping rate-limit rate
Use the command...
display dhcp-snooping [ ip ip-address ]
[ | { begin | exclude | include }
regular-expression ]
display dhcp-snooping information { all |
interface interface-type interface-number }
[ | { begin | exclude | include }
regular-expression ]
display dhcp-snooping packet statistics
[ slot slot-number ] [ | { begin | exclude |
include } regular-expression ]
display dhcp-snooping packet statistics
[ chassis chassis-number slot slot-number ]
[ | { begin | exclude | include }
regular-expression ]
display dhcp-snooping trust [ | { begin |
exclude | include } regular-expression ]
display dhcp-snooping binding database
[ | { begin | exclude | include }
regular-expression ]
reset dhcp-snooping { all | ip ip-address }
reset dhcp-snooping packet statistics
[ slot slot-number ]
reset dhcp-snooping packet statistics
[ chassis chassis-number slot slot-number ]
78
Remarks
—
—
Required
Not configured by default.
Remarks
Available in any view
Available in any view
Available in any view
Available in any view
Available in any view
Available in any view
Available in user view
Available in user view
Available in user view