DHCP Snooping

Hello Atul

The purpose of the rate-limiting of DHCP packets in this particular case is to limit the number of DHCP messages sent by the host. Hosts can send DHCP Discover and DHCP Request packets. It is unusual for a host to send too many of these, so anything beyond a certain threshold can become suspicious, which is why it is useful to rate-limit these. More info on the types of packets sent in DHCP can be found here.

Now you can rate-limit DHCP packets on a trusted port, such as Fa0/2 in the lesson where the DHCP server is connected. However, this should be done with caution as DHCP servers may need to send many DHCP messages at particular times (like in the morning when all users turn on their PCs for example), so it is more difficult to determine what kind of limit to put there. In any case, a rate limit on a trusted port is not that useful, since it is trusted, and you expect DHCP packets to appear on that interface anyway. But these are the principles to keep in mind.

I hope this has been helpful!

Laz

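An added Cisco IOS example (not part of the reply above) putting the two principles side by side: a tight rate limit on the untrusted host port and no limit on the trusted port where the DHCP server sits. The VLAN number, the host-port name Fa0/1 and the limit of 15 packets per second are assumptions for illustration; only Fa0/2 as the trusted server port comes from the lesson.

```cisco
! Added example configuration, not the lesson's own; VLAN 10, Fa0/1 and the
! rate of 15 pps are assumed values for illustration.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Untrusted access port facing a host: a PC only sends Discover/Request,
! so a small per-second limit is enough. Exceeding it err-disables the port.
interface FastEthernet0/1
 description Host access port (untrusted)
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! Trusted port towards the DHCP server: no rate limit, because the server
! legitimately sends bursts (e.g. many Offers/Acks in the morning) and the
! port is trusted anyway, so a limit here adds little protection.
interface FastEthernet0/2
 description Uplink to DHCP server (trusted)
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
!
! Let a host port that was err-disabled by the rate limit recover on its own
! instead of staying down until an administrator clears it.
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 300
!
! Verification: shows the snooping state, trusted interfaces and rate limits.
! show ip dhcp snooping
```

After applying this, `show ip dhcp snooping` should list Fa0/2 as trusted with an unlimited rate and Fa0/1 as untrusted with the 15 pps limit.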