New Member

Rate-limit DHCP relay traffic

Hi All,

I'm seeing unusual DHCP relay (IP-helper) requests on my router. It could be a faulty workstation or something sitting somewhere causing the problem. As an interim solution, since the WAN bandwidth (T1) seems to be completely eaten up by DHCP requests and offers (UDP 67 and 68), I would like to put a traffic shaping/rate limiting policy in place on the router so that I can rate-limit the DHCP requests and offers process. Do you guys know of any template command so that I can identify DHCP traffic and rate-limit those only?

Your help is much appreciated.

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Rate-limit DHCP relay traffic

Hello Ehsan,

There is no template command I know but perhaps we can configure a simple policing on the DHCP messages.

ip access-list extended DHCP
  permit udp any eq bootpc any eq bootps
!
class-map DHCP
  match access-group name DHCP
!
policy-map P1
  class DHCP
    police 100000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
  service-policy input P1

This example assumes that the Fa0/0 is the interface that receives incoming DHCP requests from clients and throttles them down. The policing is currently set at 100 Kbps, which should be a reasonable limit for sane DHCP traffic (change as necessary - the value is in bits per second). Exceeding DHCP messages will be dropped.

Best regards,

Peter
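
What `police 100000 conform-action transmit exceed-action drop` does to a DHCP storm, modelled as a single-rate token bucket. This is an added example, not part of the original post or Cisco's implementation; the burst size, the packet size, the source names and the packet rates are assumptions constructed for illustration.

```python
# Added example: single-rate token-bucket policer, modelling
# "police 100000 conform-action transmit exceed-action drop".
from dataclasses import dataclass

CIR_BPS = 100_000        # from the policy-map on this page (bits per second)
BURST_BYTES = 3_125      # assumed bucket depth; real value depends on platform/config
DHCP_PKT_BYTES = 342     # assumed size of one DHCP request (constructed value)


@dataclass
class Policer:
    cir_bps: int
    burst_bytes: int
    tokens: float = 0.0
    last_t: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)   # bucket starts full

    def offer(self, t: float, size: int) -> bool:
        """Return True if the packet conforms (transmit), False if it exceeds (drop)."""
        self.tokens = min(self.burst_bytes,
                          self.tokens + (t - self.last_t) * self.cir_bps / 8)
        self.last_t = t
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def simulate(sources: dict, seconds: int = 10) -> dict:
    """sources maps a name to packets/second; returns {name: (sent, passed)}."""
    events = sorted((i / pps, name)
                    for name, pps in sources.items()
                    for i in range(int(pps * seconds)))
    policer = Policer(CIR_BPS, BURST_BYTES)   # one bucket shared by the whole class
    stats = {name: [0, 0] for name in sources}
    for t, name in events:
        stats[name][0] += 1
        stats[name][1] += policer.offer(t, DHCP_PKT_BYTES)
    return {name: tuple(v) for name, v in stats.items()}


if __name__ == "__main__":
    # Constructed scenario: one misbehaving device plus normal client chatter.
    for name, (sent, passed) in simulate({"faulty": 500, "normal": 3}).items():
        print(f"{name:7s} sent={sent:5d} passed={passed:4d} ({passed / sent:.0%})")
```

Because the class matches all client DHCP traffic on the interface, legitimate clients draw from the same bucket as the misbehaving device: the policer protects the WAN link, but clients on that segment can still lose requests until the source is found and fixed.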

2 REPLIES
New Member

Rate-limit DHCP relay traffic

Thank you very much, Peter! That indeed helped. I was also able to identify the source of the problem, which was that a couple of Access Points were causing this issue.


Thanks for the help!!!
