Configurations

DHCP snooping requires two commands to enable it:

  • ip dhcp snooping

  • ip dhcp snooping vlan <vlan-number>

DAI only requires one:

  • ip arp inspection vlan <vlan-number>

DAI rate limiting is enabled on untrusted ports by default with a rate of 15 packets per seconds.

It is disabled on trusted ports by default.

  • DHCP snooping rate limiting is disabled on all interfaces by default.

DHCP snooping rate limiting is configured like this:

  • x packets per second

The DAI burst interval allows you to configure rate limiting like this:

  • x packets per y seconds

The burst interval is optional. If you don't specify it, the default is 1 second.

If ARP messages are received faster than the specified rate, the interface will be err-disabled. It can be re-enabled in two ways:

  1. shutdown and no shutdown

  2. errdisable recovery cause arp-inspection

PreviousOperationsNextOptional Checks

Last updated