Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

53-14

Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E

OL_28731-01

Chapter 53 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts

Configuring DHCP Snooping

To prevent the port from shutting down, you can use the errdisable detect cause dhcp-rate-limit action

shutdown vlan global configuration command to shut down just the offending VLAN on the port where

the violation occurred.

To limit the rate of incoming DHCP packets, perform this task:

To return to the default rate-limit configuration, use the no ip dhcp-rate-limit interface configuration

command. To disable error recovery for DHCP inspection, use the no errdisable recovery cause

dhcp-rate-limit global configuration command.

This example shows how to set an upper limit for the number of incoming packets (100 pps) and to

specify a burst interval (1 second):

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface g3/31

Switch(config-if)# ip dhcp-rate-limit rate 100 burst interval 1

Switch(config-if)# exit

Switch(config)# errdisable recovery cause dhcp-rate-limit

Switch(config)# exit

Switch# show interfaces status

Port Name Status Vlan Duplex Speed Type

Te1/1 connected 1 full 10G 10GBase-LR

Te1/2 connected vl-err-dis full 10G 10GBase-LR

Command Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# errdisable detect

cause

dhcp-rate-limit [action

shutdown vlan

]

Enables per-VLAN errdisable detection.

Step 3

Switch(config)# interface

interface-id

Specifies the interface to be rate-limited, and enter interface

configuration mode.

Step 4

Switch(config-if)# [no] ip dhcp

snooping limit

rate

Limits the rate of incoming DHCP requests and responses on the

interface.

The default rate is disabled.

Step 5

Switch(config-if)# exit

Returns to global configuration mode.

Step 6

Switch(config)# errdisable recovery

{cause dhcp-rate-limit |

interval

interval}

(Optional) Enables error recovery from the DHCP errdisable state.

By default, recovery is disabled, and the recovery interval is 300

seconds.

For interval interval, specify the time in seconds to recover from the

errdisable state. The range is 30 to 86400.

Step 7

Switch(config)# exit

Returns to privileged EXEC mode.

Step 8

Switch# show interfaces status

Verifies your settings.

Step 9

Switch# show errdisable recovery

Verifies your settings.

Step 10

Switch# copy running-config

startup-config

(Optional) Saves your entries in the configuration file.

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Software Configuration Guide2086 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E