Chapter 9 | General Security Measures
DHCPv4 Snooping
Command Usage
When DHCP packets received from clients already contain DHCP Option 82
information, the switch can be configured with an action policy for these
packets. The switch can either drop the DHCP packets, keep the existing
information, or replace it with the switch’s relay information.
Example
Console(config)#ip dhcp snooping information policy drop
Console(config)#
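The three policies described above, modelled on a raw DHCP payload. This is an added example, not code from the switch or its documentation. It assumes that packets without Option 82 pass through unchanged, and the sample packet and circuit ID values are constructed.

```python
MAGIC = b"\x63\x82\x53\x63"             # DHCP magic cookie after the 236-byte BOOTP header
PAD, RELAY_INFO, END = 0, 82, 255       # option codes (RFC 2132, RFC 3046)

def parse_options(raw):
    """Split the DHCP options field into (code, value) pairs, rejecting truncation."""
    opts, i = [], 0
    while i < len(raw) and raw[i] != END:
        if raw[i] == PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        opts.append((raw[i], raw[i + 2:i + 2 + raw[i + 1]]))
        i += 2 + raw[i + 1]
    return opts

def build_options(opts):
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([END])

def apply_policy(packet, policy, switch_info):
    """Return the DHCP payload to forward, or None when the packet is dropped."""
    if policy not in ("drop", "keep", "replace"):
        raise ValueError("unknown policy")
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts = parse_options(packet[240:])
    if not any(code == RELAY_INFO for code, _ in opts):
        return packet                    # assumption: policy only concerns packets carrying Option 82
    if policy == "drop":
        return None
    if policy == "keep":
        return packet                    # client-supplied relay information is forwarded as-is
    kept = [(c, v) for c, v in opts if c != RELAY_INFO]
    return packet[:240] + build_options(kept + [(RELAY_INFO, switch_info)])

def sample_packet(with_option_82=True):
    """Constructed DHCPDISCOVER payload; the Option 82 value is client-supplied."""
    opts = [(53, b"\x01")]               # message type: DISCOVER
    if with_option_82:
        opts.append((RELAY_INFO, b"\x01\x05spoof"))   # sub-option 1 (circuit ID)
    return b"\x01" + bytes(235) + MAGIC + build_options(opts)

SWITCH_INFO = b"\x01\x06sw1/p5"          # constructed circuit ID for this switch

if __name__ == "__main__":
    for policy in ("drop", "keep", "replace"):
        out = apply_policy(sample_packet(), policy, SWITCH_INFO)
        print(policy, None if out is None else dict(parse_options(out[240:])))
```

With keep, whatever circuit ID the client supplied reaches the DHCP server untouched, so that policy is only appropriate when the downstream device inserting Option 82 is itself trusted.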
ip dhcp snooping limit rate
This command sets the maximum number of DHCP packets that can be trapped by
the switch for DHCP snooping. Use the no form to restore the default setting.
Syntax
ip dhcp snooping limit rate rate
no dhcp snooping limit rate
rate - The maximum number of DHCP packets that may be trapped for
DHCP snooping. (Range: 1-2048 packets/second)
Default Setting
Disabled
Command Mode
Global Configuration
Example
This example sets the DHCP snooping rate limit to 100 packets per second.
Console(config)#ip dhcp snooping limit rate 100
Console(config)#
ip dhcp snooping verify mac-address
This command verifies the client’s hardware address stored in the DHCP packet
against the source MAC address in the Ethernet header. Use the no form to disable
this function.
Syntax
[no] ip dhcp snooping verify mac-address
Default Setting
Enabled