Enabling the DHCP Snooping Database Agent - Cisco Catalyst 4500 Series Administration Manual

Chapter 53
Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts

Enabling the DHCP Snooping Database Agent

To configure the database agent, perform one or more of the following tasks:

Command: Switch(config)# ip dhcp snooping database {url | write-delay seconds | timeout seconds}
         Switch(config)# no ip dhcp snooping database [write-delay | timeout]
Purpose: (Required) Configures a URL for the database agent (or file) and the related timeout values.

Command: Switch# show ip dhcp snooping database [detail]
Purpose: (Optional) Displays the current operating state of the database agent and statistics associated with the transfers.

Command: Switch# clear ip dhcp snooping database statistics
Purpose: (Optional) Clears the statistics associated with the database agent.

Command: Switch# renew ip dhcp snooping database [validation none] [url]
Purpose: (Optional) Requests the read entries from a file at the given URL.

Command: Switch# ip dhcp snooping binding mac-addr vlan vlan ipaddr interface ifname expiry lease-in-seconds
         Switch# no ip dhcp snooping binding mac-addr vlan vlan ipaddr interface ifname
Purpose: (Optional) Adds or deletes bindings to the snooping database.

Note
Because both NVRAM and bootflash have limited storage capacity, you should use TFTP or network-based files. If you use flash to store the database file, new updates (by the agent) result in the creation of new files (flash fills quickly). Moreover, because of the nature of the file system used on flash, a large number of files can cause slow access. When a file is stored in a remote location accessible through TFTP, an RPR or SSO standby supervisor engine can take over the binding list when a switchover occurs.

Note
Network-based URLs (such as TFTP and FTP) require that you create an empty file at the configured URL before the switch can write the set of bindings for the first time.

Limiting the Rate of Incoming DHCP Packets

The switch CPU performs DHCP validation checks; therefore, the number of incoming DHCP packets is rate-limited to prevent a denial-of-service attack.

When the rate of incoming DHCP packets exceeds the configured limit, the switch places the port in the errdisabled state. The port remains in that state until you intervene or you enable errdisable recovery so that ports automatically emerge from this state after a specified timeout period.

Note
Unless you explicitly configure a rate limit on an interface, changing the trust state of the interface also changes its rate limit to the default value for that trust state. After you configure the rate limit, the interface retains the rate limit even when its trust state is changed. If you enter the no ip dhcp snooping limit rate interface configuration command, the interface reverts to its default rate limit.

OL_28731-01
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
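An audit of the settings the notes above warn about, as an added example that is not part of the Cisco guide: it flags a database agent URL on local storage, missing errdisable recovery, and interfaces whose rate limit is not explicitly configured. The sample running-config and the function name audit are constructed for illustration, and errdisable recovery cause dhcp-rate-limit is the IOS command assumed for the errdisable recovery the text mentions.

```python
import re

LOCAL_FS = ("flash:", "bootflash:", "nvram:")  # local storage the Note advises against

# Constructed sample running-config (not taken from the guide).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
ip dhcp snooping database bootflash:dhcp-bindings.db
ip dhcp snooping database write-delay 300
!
interface GigabitEthernet1/1
 ip dhcp snooping trust
!
interface GigabitEthernet1/2
 ip dhcp snooping limit rate 100
!
interface GigabitEthernet1/3
 description access port
!
"""

def audit(config):
    """Return findings, in config order, for the settings this section covers."""
    findings = []
    m = re.search(r"^ip dhcp snooping database (\S+:\S*)$", config, re.M)
    if m is None:
        findings.append("agent: no database URL configured")
    elif m.group(1).lower().startswith(LOCAL_FS):
        findings.append(f"agent: {m.group(1)} is local storage; use a network-based URL")
    # Without recovery, a rate-limited port stays errdisabled until someone intervenes.
    if not re.search(r"^errdisable recovery cause dhcp-rate-limit$", config, re.M):
        findings.append("errdisable: no automatic recovery for dhcp-rate-limit")
    # An interface stanza is the 'interface' line plus the indented lines after it.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config, re.M):
        trusted = re.search(r"^[ \t]+ip dhcp snooping trust$", body, re.M)
        limit = re.search(r"^[ \t]+ip dhcp snooping limit rate \d+$", body, re.M)
        if not limit:
            state = "trusted" if trusted else "untrusted"
            findings.append(f"{name}: no explicit rate limit ({state}); "
                            "limit follows the trust-state default")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

An interface flagged here is one whose limit would silently change if its trust state were later changed, which is the behavior the last Note describes.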