Specifications
set dhcpsnooping limit
18-10 DHCP Snooping and Dynamic ARP Inspection
set dhcpsnooping limit
UsethiscommandtoconfigureratelimitingparametersforincomingDHCPpacketsonaportor
ports.
Syntax
set dhcpsnooping limit port-string {none | rate pps {burst interval secs]}
Parameters
Defaults
Rate=15packetspersecond
BurstInterval=1second
Mode
Switchcommand,read‐write.
Usage
ToprotecttheswitchfromDHCPattackswhenDHCPsnoopingisenabled,thesnooping
applicationenforcesarateli mitforDHCPpacketsreceivedonuntrustedinterfaces.DHCP
snoopingmonitorsthereceiverateoneachinterfaceseparately.Ifthereceiverateexceedsthe
configuredlimit,DHCPsnoopingbringsdowntheinterface.You
canre‐enabletheinterfac ewith
thesetportenablecommand.Boththerateandtheburstintervalcanbeconfigured.
Youcandisplaythecurrentlyconfiguredratelimitparameterswiththeshowdhcpsnoopingport
command.
Example
Thisexampleconfiguresratelimitparametersonportge.1.1.
B2(rw)->set dhcpsnooping limit ge.1.1 rate 20 burst interval 2
B2(rw)->show dhcpsnooping port ge.1.1
Interface Trust State Rate Limit Burst Interval
(pps) (seconds)
---------- ------------- ------------- ---------------
ge.1.1 No 20 2
port‐string Specifiestheportorportstowhichtoapplytheseratelimiting
parameters.
none ConfiguresnolimitonincomingDHCPpackets.
ratepps Specifiesaratelimitinpacketspersecond.Thevalueofppscan range
from0to100packetspersecond.
burstintervalsecs Specifiesaburstintervalin
seconds.Thevalueofsecscanrangefrom1
to15seconds.