Cisco Systems WSC4500X24XIPB Switch User Manual


 
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 31 Configuring DHCP Snooping and IP Source Guard
Configuring DHCP Snooping on the Switch
If you want to change the default configuration values, see the “Enabling DHCP Snooping” section.
Enabling DHCP Snooping
Note: When DHCP snooping is enabled globally, DHCP requests are dropped until the ports are configured.
Consequently, you should probably configure this feature during a maintenance window and not during
production.
To enable DHCP snooping, perform this task:
You can configure DHCP snooping for a single VLAN or a range of VLANs. To configure a single
VLAN, enter a single VLAN number. To configure a range of VLANs, enter a beginning and an ending
VLAN number or a dash and range of VLANs.
Table 31-1 Default Configuration Values for DHCP Snooping

Option                                             Default Value/State
DHCP snooping                                      Disabled
DHCP snooping information option                   Enabled
DHCP snooping information option allow-untrusted   Disabled
DHCP snooping limit rate                           Infinite (functions as if rate limiting were disabled)
DHCP snooping trust                                Untrusted
DHCP snooping vlan                                 Disabled

Step    Command / Purpose

Step 1  Switch(config)# ip dhcp snooping
        Enables DHCP snooping globally.
        You can use the no keyword to disable DHCP snooping.

Step 2  Switch(config)# ip dhcp snooping vlan number [number] | vlan {vlan range}]
        Enables DHCP snooping on your VLAN or VLAN range.

Step 3  Switch(config-if)# ip dhcp snooping trust
        Configures the interface as trusted or untrusted.
        You can use the no keyword to configure an interface to
        receive messages from an untrusted client.

Step 4  Switch(config-if)# ip dhcp snooping limit rate rate
        Configures the number of DHCP packets per second
        (pps) that an interface can receive. [1]

Step 5  Switch(config)# end
        Exits configuration mode.

Step 6  Switch# show ip dhcp snooping
        Verifies the configuration.

[1] Cisco recommends not configuring the untrusted interface rate limit to more than 100 packets per second. The recommended rate limit for
each untrusted client is 15 packets per second. Normally, the rate limit applies to untrusted interfaces. If you want to set up rate limiting for
trusted interfaces, keep in mind that trusted interfaces aggregate all DHCP traffic in the switch, and you will need to adjust the rate limit to a
higher value. You should fine tune this threshold depending on the network configuration. The CPU should not receive DHCP packets at a
sustained rate of more than 1,000 packets per second.
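
The following is an added example, not part of the Cisco manual: a small Python audit that checks a saved running-config against the steps and rate-limit guidance above. The sample configuration and interface names are constructed, and flagging untrusted ports with no rate limit is an assumed audit policy based on the "Infinite" default in Table 31-1.

```python
import re

# Constructed sample running-config (not from the manual); interface names are assumptions.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface GigabitEthernet1/1
 ip dhcp snooping trust
!
interface GigabitEthernet2/1
 ip dhcp snooping limit rate 15
!
interface GigabitEthernet2/2
 ip dhcp snooping limit rate 500
!
interface GigabitEthernet2/3
"""
MAX_UNTRUSTED_PPS = 100  # ceiling for untrusted interfaces, from the manual's footnote

def audit_dhcp_snooping(config):
    """Return a list of findings for the text of a running-config."""
    findings = []
    lines = config.splitlines()
    global_lines = [l.strip() for l in lines if not l.startswith(" ")]
    if "ip dhcp snooping" not in global_lines:            # Step 1
        findings.append("global: DHCP snooping not enabled")
    if not any(l.startswith("ip dhcp snooping vlan ") for l in global_lines):  # Step 2
        findings.append("global: no VLAN has DHCP snooping enabled")
    interfaces, current = {}, None
    for line in lines:  # group indented sub-commands under their interface
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    for name, cmds in interfaces.items():
        if "ip dhcp snooping trust" in cmds:              # Step 3
            continue  # trusted ports aggregate DHCP traffic and are sized separately
        rate = next((int(c.rsplit(" ", 1)[1]) for c in cmds
                     if c.startswith("ip dhcp snooping limit rate ")), None)  # Step 4
        if rate is None:
            findings.append(f"{name}: untrusted, no rate limit (default is infinite)")
        elif rate > MAX_UNTRUSTED_PPS:
            findings.append(f"{name}: untrusted rate limit {rate} pps exceeds {MAX_UNTRUSTED_PPS}")
    return findings
```

Run it over a saved copy of the configuration before the maintenance window; an empty list means every untrusted interface has a rate limit at or below 100 pps and snooping is enabled globally and on at least one VLAN.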