cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
869
Views
0
Helpful
2
Replies
Ehsan M.
Beginner

Rate-limit DHCP relay traffic

Hi All,

I'm seeing unusual DHCP relay (IP-helper) request on my Router. It could be a faulty Workstation or something sitting somewhere causing problem. AS an interim solution, since the WAN bandwidth (T1) seems is being completely eaten up by DHCP requests and offers (UDP 67 and 68), I would like to put a traffic shaping/rate limiting policy in place on the router so that I can rate limit DHCP requests and offers process. Do you guys know of any template command so that I can identify dhcp traffic and rate-limit those only?

Your help is much appreciated.

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Peter Paluch
Hall of Fame Cisco Employee

Hello Ehsan,

There is no template command I know but perhaps we can configure a simple policing on the DHCP messages.

ip access-list extended DHCP

  permit udp any eq bootpc any eq bootps

!

class-map DHCP

  match access-group name DHCP

!

policy-map P1

  class DHCP

    police 100000 conform-action transmit exceed-action drop

!

interface FastEthernet0/0

  service-policy input P1

This example assumes that the Fa0/0 is the interface that receives incoming DHCP requests from clients and throttles them down. The policing is currently set at 100Kbps which should be a resonable limit for sane DHCP traffic (change as necessary - the value is in bits per second). Exceeding DHCP messages will be dropped.

Best regards,

Peter

View solution in original post

2 REPLIES 2
Peter Paluch
Hall of Fame Cisco Employee

Hello Ehsan,

There is no template command I know but perhaps we can configure a simple policing on the DHCP messages.

ip access-list extended DHCP

  permit udp any eq bootpc any eq bootps

!

class-map DHCP

  match access-group name DHCP

!

policy-map P1

  class DHCP

    police 100000 conform-action transmit exceed-action drop

!

interface FastEthernet0/0

  service-policy input P1

This example assumes that the Fa0/0 is the interface that receives incoming DHCP requests from clients and throttles them down. The policing is currently set at 100Kbps which should be a resonable limit for sane DHCP traffic (change as necessary - the value is in bits per second). Exceeding DHCP messages will be dropped.

Best regards,

Peter

View solution in original post

Thank you very much Peter! That indeed helped. I was also able to identify the source of the problem which was couple of Access Points were causing this issue.


Thanks for the help!!!