Administrator Guide
Layer 2 Switching Commands 364
ipv6 dhcp snooping limit
Use the ipv6 dhcp snooping limit command configures an interface to be
diagnostically disabled if the rate of received DHCP messages exceeds the
configured limit. Use the no shutdown command to reenable the interface.
Use the no form of the command to disable diagnostic disabling of the
interface.
Syntax
ipv6 dhcp snooping limit {rate pps [burst interval seconds]}
no ipv6 dhcp snooping limit
• pps—The rate in packets per interval. (Range 0-300.)
• seconds—The time interval over which to measure a burst of packets.
(Range 1-15, default 1 second.)
Default Configuration
By default, DHCP messages do not shut down the interface.
Command Modes
Interface Configuration mode
User Guidelines
The switch hardware rate limits DHCP packets sent to the CPU from
snooping enabled interfaces to 512 Kbps.
To prevent DHCP packets from being used in a DoS attack when DHCP
snooping is enabled, the snooping application allows configuration of rate
limiting for received DHCP packets. DHCP snooping monitors the receive
rate on each interface separately. If the receive rate exceeds the configured
limit within the configured interval, DHCP snooping diagnostically disables
the interface. The administrator must perform the no shutdown command
on the affected interface to reenable the interface.