Users Guide
Snooping and Inspecting Traffic 977
If DHCP relay co-exists with DHCP snooping, DHCP client messages are
sent to DHCP relay for further processing.
To prevent DHCP packets from being used as a DoS attack when DHCP
snooping is enabled, the snooping application enforces a rate limit for DHCP
packets received on interfaces. DHCP rate limiting can be configured on both
trusted and untrusted interfaces. DHCP snooping monitors the receive rate
on each interface separately. If the receive rate exceeds a configurable limit,
DHCP snooping diagnostically disables the interface. Administrative
intervention is necessary to enable the port, either by using the no shutdown
command in Interface Config mode or on the Switching
Ports
Port
Configuration page. Use the ip dhcp snooping limit none command to
disable diagnostic disabling of the port due to DHCP snooping.