Traffic Snooping and Inspection Configuration
Examples
This section contains the following examples:
•
Configuring DHCP Snooping
•
Configuring IPSG
Configuring DHCP Snooping
In this example, DHCP snooping is enabled on VLAN 100. Ports 1-20
connect end users to the network and are members of VLAN 100. These ports
are configured to limit the maximum number of DHCP packets with a rate
limit of 100 packets per second. LAG 1, which is also a member of VLAN 100
and contains ports 21-24, is the trunk port that connects the switch to the
data center, so it is configured as a trusted port.
Figure 27-25. DHCP Snooping Configuration Topology
The commands in this example also enforce rate limiting and remote storage
of the bindings database. The switch has a limited amount of storage space in
NVRAM and flash memory, so the administrator specifies that the DHCP
snooping bindings database is stored on an external TFTP server.
910
Snooping and Inspecting Traffic