CHAPTER 24 | General Security Measures
DHCPv4 Snooping
COMMAND MODE
Global Configuration
COMMAND USAGE
When the switch receives DHCP packets from clients that already include
DHCP Option 82 information, the switch can be configured to set the action
policy for these packets. The switch can either drop the DHCP packets,
keep the existing information, or replace it with the switch’s relay
information.
EXAMPLE
Console(config)#ip dhcp snooping information policy drop
Console(config)#
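The three policy actions described above, modeled on a raw DHCP options field. This is an added example, not the switch's own code; the function names, the sample client options, and the switch's circuit ID and remote ID values are assumptions constructed for illustration.

```python
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255

def parse_options(data):
    """Split a DHCP options field (after the magic cookie) into (code, value) pairs."""
    opts, i = [], 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                      # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option %d" % code)
        length = data[i + 1]
        opts.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return opts

def build_options(opts):
    """Serialize (code, value) pairs back into an options field with an end marker."""
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([OPT_END])

def apply_policy(data, policy, switch_info):
    """Return the options field to forward, or None when the packet is dropped."""
    opts = parse_options(data)
    if not any(c == OPT_RELAY_INFO for c, _ in opts):
        return data          # policy only concerns packets that already carry Option 82
    if policy == "drop":
        return None
    if policy == "keep":
        return data
    if policy == "replace":  # strip the client's Option 82, append the switch's own
        kept = [(c, v) for c, v in opts if c != OPT_RELAY_INFO]
        return build_options(kept + [(OPT_RELAY_INFO, switch_info)])
    raise ValueError("unknown policy: " + policy)

# Constructed sample: message type DISCOVER plus a client-supplied Option 82
# whose sub-option 1 (circuit ID) is "abcd".
CLIENT_OPTS = bytes([53, 1, 1, 82, 6, 1, 4]) + b"abcd" + bytes([OPT_END])
# Assumed switch relay information: circuit ID "port7", remote ID "sw01".
SWITCH_INFO = bytes([1, 5]) + b"port7" + bytes([2, 4]) + b"sw01"

if __name__ == "__main__":
    for p in ("drop", "keep", "replace"):
        print(p, apply_policy(CLIENT_OPTS, p, SWITCH_INFO))
```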
ip dhcp snooping limit rate
This command sets the maximum number of DHCP packets that can be
trapped by the switch for DHCP snooping. Use the no form to restore the
default setting.
SYNTAX
ip dhcp snooping limit rate rate
no ip dhcp snooping limit rate
rate - The maximum number of DHCP packets that may be trapped
for DHCP snooping. (Range: 1-2048 packets/second)
DEFAULT SETTING
Disabled
COMMAND MODES
Global Configuration
EXAMPLE
This example sets the DHCP snooping rate limit to 100 packets per second.
Console(config)#ip dhcp snooping limit rate 100
Console(config)#
ip dhcp snooping verify mac-address
This command verifies the client’s hardware address stored in the DHCP
packet against the source MAC address in the Ethernet header. Use the no
form to disable this function.
SYNTAX
[no] ip dhcp snooping verify mac-address
DEFAULT SETTING
Enabled