Configurations

DHCP snooping requires two commands to enable it:

• ip dhcp snooping

• ip dhcp snooping vlan <vlan-number>

DAI only requires one:

• ip arp inspection vlan <vlan-number>

DAI rate limiting is enabled on untrusted ports by default with a rate of 15 packets per seconds.

It is disabled on trusted ports by default.

• DHCP snooping rate limiting is disabled on all interfaces by default.

DHCP snooping rate limiting is configured like this:

• x packets per second

The DAI burst interval allows you to configure rate limiting like this:

• x packets per y seconds

The burst interval is optional. If you don't specify it, the default is 1 second.

If ARP messages are received faster than the specified rate, the interface will be err-disabled. It can be re-enabled in two ways:

1. shutdown and no shutdown

2. errdisable recovery cause arp-inspection