Use the DHCP Snooping Interface Configuration page to view and configure the DHCP (Dynamic Host Configuration Protocol) snooping settings for each interface. The DHCP snooping feature processes incoming DHCP messages.
For DHCPRELEASE and DHCPDECLINE messages, the feature compares the receive interface and VLAN with the client's interface and VLAN in the binding database. If the interfaces do not match, the application logs the event (when logging of invalid packets is enabled) and drops the message. If MAC address validation is globally enabled, messages that pass the initial validation are checked to verify that the source MAC address and the DHCP client hardware address match. Where there is a mismatch, DHCP snooping logs the event (when logging of invalid packets is enabled) and drops the packet.

To change the DHCP Snooping settings for one or more interfaces, select each entry to modify and click Edit. The same settings are applied to all selected interfaces.
To access this page, click
in the navigation menu.

Field | Description |
---|---|
Interface | The interface associated with the rest of the data in the row. When configuring the settings for one or more interfaces, this field identifies each interface that is being configured. |
Trust State | The trust state configured on the interface. The trust state is one of the following: |
Log Invalid Packets | The administrative mode of invalid packet logging on the interface. When enabled, the DHCP snooping feature generates a log message when an invalid packet is received and dropped by the interface. |
Rate Limit (pps) | The rate limit value for DHCP packets received on the interface. To prevent DHCP packets from being used in a DoS attack when DHCP snooping is enabled, the snooping application enforces a rate limit for DHCP packets received on untrusted interfaces. If the incoming rate of DHCP packets exceeds the value of this object during the amount of time specified for the burst interval, the port is shut down. You must administratively enable the port to allow it to resume traffic forwarding. |
Burst Interval (Seconds) | The burst interval value for rate limiting on this interface. If the rate limit is unspecified, the burst interval has no meaning. |
Click Refresh to refresh the page with the most current data from the switch.
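
The order of the checks described at the top of this page (binding comparison for DHCPRELEASE and DHCPDECLINE, then MAC address validation, with logging only when Log Invalid Packets is enabled) is shown in the following Python sketch. It is an added example, not code from the switch. The names `Binding`, `Frame`, `validate` and `run_samples`, the lookup of bindings by client hardware address, the treatment of a missing binding as a mismatch, and all sample interfaces and MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

DHCPDECLINE, DHCPRELEASE = 4, 7   # DHCP option 53 message types (RFC 2132)

@dataclass(frozen=True)
class Binding:                    # one binding-database row (simplified)
    interface: str
    vlan: int

@dataclass(frozen=True)
class Frame:                      # fields the checks read from a received message
    rx_interface: str
    vlan: int
    src_mac: str                  # Ethernet source MAC
    chaddr: str                   # DHCP client hardware address
    msg_type: int

def validate(frame, bindings, mac_validation=True, log_invalid=True, log=None):
    """Return (forward, reason); bindings maps client MAC -> Binding."""
    reason = None
    if frame.msg_type in (DHCPRELEASE, DHCPDECLINE):
        b = bindings.get(frame.chaddr.lower())
        # Assumption: a client with no binding counts as a mismatch.
        if b is None or (b.interface, b.vlan) != (frame.rx_interface, frame.vlan):
            reason = "binding-mismatch"
    # MAC validation applies only to messages that passed the first check.
    if reason is None and mac_validation and frame.src_mac.lower() != frame.chaddr.lower():
        reason = "mac-mismatch"
    if reason and log_invalid and log is not None:
        log.append(f"drop {frame.rx_interface} vlan {frame.vlan}: {reason}")
    return reason is None, reason

# Constructed sample data (not taken from any device).
CLIENT = "00:11:22:33:44:55"
BINDINGS = {CLIENT: Binding("1/0/5", 10)}
SAMPLES = [
    Frame("1/0/5", 10, CLIENT, CLIENT, DHCPRELEASE),               # matches binding
    Frame("1/0/7", 10, CLIENT, CLIENT, DHCPRELEASE),               # wrong port
    Frame("1/0/5", 20, CLIENT, CLIENT, DHCPDECLINE),               # wrong VLAN
    Frame("1/0/5", 10, "00:aa:bb:cc:dd:ee", CLIENT, DHCPRELEASE),  # MAC != chaddr
]

def run_samples(**settings):
    log = []
    verdicts = [validate(f, BINDINGS, log=log, **settings) for f in SAMPLES]
    return verdicts, log

if __name__ == "__main__":
    for verdict in run_samples()[0]:
        print(verdict)
```

Calling `run_samples(log_invalid=False)` drops the same three messages but leaves the log empty, which is why enabling Log Invalid Packets matters when these drops need to be visible to monitoring.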