45-14
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 45 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
Configuring DHCP Snooping
To prevent the port from shutting down, you can use the errdisable detect cause dhcp-rate-limit action
shutdown vlan global configuration command to shut down just the offending VLAN on the port where
the violation occurred.
To limit the rate of incoming DHCP packets, perform this task:

Step 1   Command: Switch# configure terminal
         Purpose: Enters global configuration mode.

Step 2   Command: Switch(config)# errdisable detect cause dhcp-rate-limit [action shutdown vlan]
         Purpose: Enables per-VLAN errdisable detection.

Step 3   Command: Switch(config)# interface interface-id
         Purpose: Specifies the interface to be rate-limited, and enters interface
                  configuration mode.

Step 4   Command: Switch(config-if)# [no] ip dhcp snooping limit rate
         Purpose: Limits the rate of incoming DHCP requests and responses on the
                  interface.
                  The default rate is disabled.

Step 5   Command: Switch(config-if)# exit
         Purpose: Returns to global configuration mode.

Step 6   Command: Switch(config)# errdisable recovery {cause dhcp-rate-limit | interval interval}
         Purpose: (Optional) Enables error recovery from the DHCP errdisable state.
                  By default, recovery is disabled, and the recovery interval is 300
                  seconds.
                  For interval interval, specify the time in seconds to recover from the
                  errdisable state. The range is 30 to 86400.

Step 7   Command: Switch(config)# exit
         Purpose: Returns to privileged EXEC mode.

Step 8   Command: Switch# show interfaces status
         Purpose: Verifies your settings.

Step 9   Command: Switch# show errdisable recovery
         Purpose: Verifies your settings.

Step 10  Command: Switch# copy running-config startup-config
         Purpose: (Optional) Saves your entries in the configuration file.

To return to the default rate-limit configuration, use the no ip dhcp-rate-limit interface configuration
command. To disable error recovery for DHCP inspection, use the
no errdisable recovery cause dhcp-rate-limit global configuration command.

This example shows how to set an upper limit for the number of incoming packets (100 pps) and to
specify a burst interval (1 second):

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface g3/31
Switch(config-if)# ip dhcp-rate-limit rate 100 burst interval 1
Switch(config-if)# exit
Switch(config)# errdisable recovery cause dhcp-rate-limit
Switch(config)# exit
Switch# show interfaces status
Port      Name      Status       Vlan         Duplex  Speed  Type
Te1/1               connected    1            full    10G    10GBase-LR
Te1/2               connected    vl-err-dis   full    10G    10GBase-LR
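
As an added example (not Cisco's code and not part of the guide), this Python check lints a configuration draft against the defaults and ranges stated in the task above and lists ports that show vl-err-dis in show interfaces status output. It assumes the usual running-config layout with indented interface sub-commands and that the commands are stored as written on this page; the function names and sample text are constructed here.

```python
import re

# Both spellings on this page are accepted: the task table and the example differ.
RATE_RE = re.compile(r"^\s+ip dhcp(?: snooping limit|-rate-limit) rate (\d+)")
INTERVAL_RE = re.compile(r"^errdisable recovery interval (\d+)\s*$")
DETECT = "errdisable detect cause dhcp-rate-limit action shutdown vlan"
RECOVER = "errdisable recovery cause dhcp-rate-limit"

def audit_dhcp_rate_limit(config_text):
    """Lint a config draft (assumed running-config layout) against the guide."""
    per_vlan = recovery = False
    interval = 300                      # guide's default recovery interval
    limits, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            limits[current] = None      # default: rate limiting disabled
        elif current and (m := RATE_RE.match(line)):
            limits[current] = int(m.group(1))
        elif not line.startswith(" "):
            current = None              # left the interface block
            per_vlan = per_vlan or line.strip() == DETECT
            recovery = recovery or line.strip() == RECOVER
            if (m := INTERVAL_RE.match(line)):
                interval = int(m.group(1))
    return {
        "per_vlan_shutdown": per_vlan,
        "recovery_enabled": recovery,
        "interval_in_range": 30 <= interval <= 86400,
        "unlimited_interfaces": [i for i, r in limits.items() if r is None],
    }

def vlan_errdisabled_ports(status_text):
    """Ports whose Vlan column reads vl-err-dis in 'show interfaces status'."""
    return [ln.split()[0] for ln in status_text.splitlines()
            if "vl-err-dis" in ln.split()[1:]]

# Constructed sample inputs, not captured from a real switch.
SAMPLE_CONFIG = """\
errdisable detect cause dhcp-rate-limit action shutdown vlan
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 20
interface GigabitEthernet3/31
 ip dhcp-rate-limit rate 100 burst interval 1
interface GigabitEthernet3/32
 switchport mode access
"""
SAMPLE_STATUS = "Te1/1 connected 1 full 10G\nTe1/2 connected vl-err-dis full 10G\n"
print(audit_dhcp_rate_limit(SAMPLE_CONFIG), vlan_errdisabled_ports(SAMPLE_STATUS))
```

The constructed draft deliberately uses a recovery interval of 20, below the 30 to 86400 range, and leaves one interface without a rate limit so both findings appear in the result.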