Notes
If this is not set, the DHCP relay agent cannot be connected to an untrusted port
because the source MAC address is checked.
(3) Setting the binding database for which forwarding of ARP packets is to be
permitted on untrusted ports
Points to note
To forward ARP packets sent from a DHCP relay agent connected to an untrusted
port, set the address of the DHCP relay agent in the binding database.
Command examples
1.
(config)# ip source binding 1234.5600.dd01 vlan 2 192.168.100.252
interface fastethernet 0/1
Enters the MAC address of the DHCP relay agent, the VLAN ID containing the
DHCP relay agent, the IP address of the DHCP agent, and the number of the port to
which the DHCP relay agent is connected, in the binding database.
(4) Setting terminal filtering that filters only IP addresses on untrusted ports
Points to note
Because the source MAC addresses in the packets sent from the DHCP clients are
rewritten while the packets go through the Layer 3 switch, configure terminal filtering
so that it filters only IP addresses on the untrusted port.
Command examples
1.
(config)# interface fastethernet 0/1
(config-if)# ip verify source
(config-if)# exit
Configures terminal filtering that filters only IP addresses on port 0/1.
23.2.5 Setting the rate of DHCP packet reception
Use the configuration to limit the reception rate on ports that receive DHCP packets.
You can configure DHCP snooping as described in 23.2.3 Basic configuration (when DHCP
snooping is performed via a Layer 3 switch).
(1) Setting the reception rate
Points to note
The following example sets the reception rate of port 0/1 that receives DHCP
packets from the terminal.
Command examples
1.
(config)# interface fastethernet 0/1
(config-if)# ip dhcp snooping limit rate 50
(config-if)# exit
Set 50 packets per second as the reception rate for port 0/1.
23.2.6 Setting the dynamic ARP inspection functionality
This subsection describes the basic configuration for using the dynamic ARP inspection
functionality.
You can configure DHCP snooping as described in 23.2.3 Basic configuration (when DHCP
snooping is performed via a Layer 3 switch).
(1) Setting the VLANs used for dynamic ARP inspection (targets for the basic
23 DHCP Snooping
425