Configuring DHCP packet rate limit
You can configure DHCP packet rate limit only on Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.
If a Layer 2 Ethernet interface belongs to an aggregation group, it uses the DHCP packet maximum rate configured on the corresponding Layer 2 aggregate interface.
To identify DHCP packets from unauthorized DHCP servers, DHCP snooping delivers all incoming DHCP packets to the CPU. If a malicious user sends a large number of DHCP requests to the DHCP snooping device, the CPU of the device will be overloaded, and the device may even crash. To solve this problem, you can configure DHCP packet rate limit on relevant interfaces.
To configure DHCP packet rate limit:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Configure the maximum rate of incoming DHCP packets. | dhcp-snooping rate-limit rate | Not configured by default |