3 dhcp rate limit, 4 dhcp lease limit, 5 source mac address verification – Siemens S223 User Manual
Page 259
User Manual UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5
A50010-Y3-C150-2-7619 259
8.8.7.3 DHCP
Rate
Limit
To set the number of DHCP packet per second (pps) that an interface can receive, use
the following command.
Command Mode
Description
ip dhcp snooping limit-rate
PORTS
<1-255>
Sets a rate limit for DHCP packets. (unit: pps)
no ip dhcp snooping limit-rate
PORTS
Global
Deletes a rate limit for DHCP packets.
Normally, the DHCP rate limit is specified to untrusted interfaces and 15 pps is recom-
mended for a proper value. However, if you want to set a rate limit for trusted interfaces,
keep in mind that trusted interfaces aggregate all DHCP traffic in the switch, and you will
need to adjust the rate limit to a higher value.
8.8.7.4
DHCP Lease Limit
The number of entry registration in DHCP snooping binding table can be limited. If there
are too many DHCP clients on an interface and they request IP address at the same time,
it may cause IP pool exhaustion.
To set the number of entry registration in DHCP snooping binding table, use the following
command.
Command Mode
Description
ip dhcp snooping limit-lease
PORTS
<1-2147483637>
Enables a DHCP lease limit on a specified untrusted
port.
1-2147483637: the number of entry registration
no ip dhcp snooping limit-lease
PORTS
Global
Deletes a DHCP lease limit.
You can limit the number of entry registration only for untrusted interfaces, because the
DHCP snooping binding table only contains the information for DHCP messages from un-
trusted interfaces.
8.8.7.5 Source
MAC
Address
Verification
The hiD 6615 S223/S323 can verify that the source MAC address in a DHCP packet that
is received on untrusted ports matches the client hardware address in the packet.
To enable the source MAC address verification, use the following command.
Command Mode
Description
ip dhcp snooping verify mac-address
Enables the source MAC address veri-
fication.
no ip dhcp snooping verify mac-address
Global
Disables the source MAC address veri-
fication.
i
!