Users Guide

Layer 2 Switching Commands 355
seconds Interval over which to measure a burst of packets. (Range: 1–15 seconds)
Default Configuration
By default, DHCP messages do not cause an interface to be disabled.
Command Mode
Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode
User Guidelines
This command is available in Ethernet interface configuration mode or port-channel interface configuration mode. The switch hardware rate limits DHCP packets sent to the CPU from snooping-enabled interfaces to 512 Kbps.

To prevent DHCP packets from being used in a DoS attack when DHCP snooping is enabled, the snooping application allows configuration of rate limiting for received DHCP packets. DHCP snooping monitors the receive rate on each interface separately. If the receive rate exceeds the configured limit within the configured interval, DHCP snooping shuts down the interface. The administrator must perform the “no shutdown” command on the affected interface to re-enable the interface.

The administrator can configure the rate and burst interval. Rate limiting is configured independently on each Ethernet or port-channel interface and may be enabled on both DHCP trusted and untrusted interfaces. The rate limit is configurable in the range of 0–300 packets per second and the burst interval in the range of 1–15 seconds. In general, a rate limit of under 100 pps is valid for untrusted interfaces.
Examples
console(config-if-Gi1/0/1)#ip dhcp snooping limit rate 100 burst interval 1
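As an added illustration (not part of the guide or the switch firmware), the following Python model replays constructed DHCP arrival timestamps against the behaviour described above, so the effect of different rate and burst interval values can be compared before choosing them for an untrusted port. The sliding-window measurement, the class and function names and the sample traces are assumptions, not the switch's implementation.

```python
from collections import deque

class DhcpSnoopRateLimiter:
    """Per-interface limiter: DHCP packets received within the burst interval are
    counted, and the interface is shut down once that rate exceeds the limit."""

    def __init__(self, rate_pps, burst_interval_s):
        if not 0 <= rate_pps <= 300:
            raise ValueError("rate must be 0-300 pps")
        if not 1 <= burst_interval_s <= 15:
            raise ValueError("burst interval must be 1-15 seconds")
        self.rate_pps = rate_pps
        self.interval = burst_interval_s
        self.window = deque()      # arrival times inside the current interval
        self.shutdown = False

    def receive(self, ts):
        """Record a DHCP packet arriving at time ts (seconds); return True if it
        pushed the measured rate over the limit and disabled the interface."""
        if self.shutdown:
            return False           # a shut-down interface accepts nothing
        self.window.append(ts)
        while self.window[0] <= ts - self.interval:   # age out older packets
            self.window.popleft()
        if len(self.window) / self.interval > self.rate_pps:
            self.shutdown = True
            self.window.clear()
            return True
        return False

    def no_shutdown(self):
        """Only the administrator's 'no shutdown' brings the interface back."""
        self.shutdown = False

def run_trace(rate_pps, burst_interval_s, arrivals):
    """Replay arrival timestamps; return the shutdown time, or None if it stayed up."""
    lim = DhcpSnoopRateLimiter(rate_pps, burst_interval_s)
    for ts in arrivals:
        if lim.receive(ts):
            return ts
    return None

# Constructed traces (not from the guide): clients renewing at a steady 80 pps
# for 5 s, versus 400 DHCP packets flooding in within half a second.
STEADY = [i / 80 for i in range(400)]
FLOOD = [i / 800 for i in range(400)]
if __name__ == "__main__":
    print("steady, limit 100/1s:", run_trace(100, 1, STEADY))  # None
    print("flood, limit 100/1s:", run_trace(100, 1, FLOOD))    # 0.125
```

With the guide's example settings (rate 100, burst interval 1) the steady stream stays within limits while the flood disables the port after the 101st packet; lengthening the interval to 2 seconds tolerates 200 packets before the same happens.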
ip dhcp snooping log-invalid
Use the ip dhcp snooping log-invalid command to enable logging of DHCP messages filtered by the DHCP Snooping application. Use the no form of this command to disable logging.