Configuration Guide 557
Configuring Network Security DHCP Snooping Configuration
Step 5 ip dhcp snooping limit rate
value
Enable the limit rate feature and specify the maximum number of DHCP messages that can
be forwarded on the port per second. The excessive DHCP packets will be discarded.
value:
Specify the limit rate value. The following options are provided: 0, 5,10,15,20,25 and
30 (packets/second). The default value is 0, which indicates disabling limit rate.
Step 6 ip dhcp snooping decline rate
value
Enable the decline protect feature and specify the maximum number of Decline packets
can be forwarded per second on the port. The excessive DHCP Decline packets will be
discarded.
value:
Specify the limit rate value of Decline packets. The following options are provided: 0,
5,10,15,20,25 and 30 (packets/second). The default value is 0, which indicates disabling this
feature.
Step 7 show ip dhcp snooping interface [ gigabitEthernet
port
| port-channel
port-channel-id
]
Verify the DHCP Snooping configuration of the port.
Step 8 end
Return to privileged EXEC mode.
Step 9 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to configure port 1/0/1 as a trusted port, enable the
MAC verify feature, and set the limit rate as 10 pps and decline rate as 20 pps on this port:
Switch#configure
Switch(config)#interface gigabitEthernet 1/0/1
Switch(config-if)#ip dhcp snooping trust
Switch(config-if)#ip dhcp snooping mac-verify
Switch(config-if)#ip dhcp snooping limit rate 10
Switch(config-if)#ip dhcp snooping decline rate 20
Switch(config-if)#show ip dhcp snooping interface gigabitEthernet 1/0/1
Interface Trusted MAC-Verify Limit-Rate Dec-rate LAG
--------- ------- ---------- ---------- -------- ---
Gi1/0/1 Enable Enable 10 20 N/A
Switch(config-if)#end
Switch#copy running-config startup-config
To Next Page
Loading...
