DHCP Snooping Commands 335ip dhcp snooping limitUse the ip dhcp snooping limit command to diagnostically disable itself ifthe rate of received DHCP messages exceeds the configured limit. Use the noshutdown command to re-enable the interface. Use the no form of thiscommand to disable automatic shutdown of the interface.Syntaxip dhcp snooping limit {raterate [burst intervalseconds]}no ip dhcp snooping limit•rate— The maximum number of packets per second allowed (Range:0–300 pps).•seconds—Interval over which to measure a burst of packets. (Range: 1–15seconds).Default ConfigurationBy default, DCHP messages do not cause an interface to be disabled.Command ModeInterface Configuration (gigabitethernet, port-channel, tengigabitethernet,fortygigabitethernet) modeUser GuidelinesThe switch hardware rate limits DHCP packets sent to the CPU fromsnooping enabled interfaces to 512 Kbps.To prevent DHCP packets from being used in a DoS attack when DHCPsnooping is enabled; the snooping application allows configuration of ratelimiting for received DHCP packets. DHCP snooping monitors the receiverate on each interface separately. If the receive rate exceeds the configuredlimit within the configured interval, DHCP snooping shuts down theinterface. The administrator must perform the “no shutdown” command onthe affected interface to re-enable the interface.The administrator can configure the rate and burst interval. Rate limiting isconfigured independently on each physical interface and may be enabled onboth trusted and untrusted interfaces. The rate limit is configurable in the