Rate-limit DHCP relay traffic

Ehsan M.
Level 1

Hi All,

I'm seeing unusual DHCP relay (IP-helper) requests on my router. It could be a faulty workstation or something sitting somewhere causing a problem. As an interim solution, since the WAN bandwidth (T1) seems to be completely eaten up by DHCP requests and offers (UDP 67 and 68), I would like to put a traffic shaping/rate limiting policy in place on the router so that I can rate limit the DHCP requests and offers process. Do you guys know of any template command so that I can identify DHCP traffic and rate-limit those only?

Your help is much appreciated.

Thanks,

Accepted Solutions

Peter Paluch
Cisco Employee

Hello Ehsan,

There is no template command I know but perhaps we can configure a simple policing on the DHCP messages.

ip access-list extended DHCP
  permit udp any eq bootpc any eq bootps
!
class-map DHCP
  match access-group name DHCP
!
policy-map P1
  class DHCP
    police 100000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
  service-policy input P1

This example assumes that the Fa0/0 is the interface that receives incoming DHCP requests from clients and throttles them down. The policing is currently set at 100 Kbps, which should be a reasonable limit for sane DHCP traffic (change as necessary - the value is in bits per second). Exceeding DHCP messages will be dropped.

Best regards,

Peter
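To see what the 100 kbps policer in the answer above does to normal versus runaway DHCP load, here is an added example (not part of the original posts, and not Cisco code) that models `police 100000 conform-action transmit exceed-action drop` as a token bucket. The 342-byte message size, the 3125-byte burst, the full starting bucket and the two traffic patterns are assumptions constructed for illustration.

```python
# Added example: integer token-bucket model of a single-rate policer.
# Assumed (not from the thread): 342-byte DHCP messages, 3125-byte burst,
# bucket starts full, whole message length is charged against the bucket.
from typing import Iterable, Tuple

CIR_BPS = 100_000        # from the thread: "police 100000" (bits per second)
BURST_BYTES = 3_125      # assumption: the thread does not show a burst size
DHCP_FRAME_BYTES = 342   # assumption: constructed size of one DHCP message


def police(arrivals_ms: Iterable[int], size_bytes: int = DHCP_FRAME_BYTES,
           cir_bps: int = CIR_BPS, burst_bytes: int = BURST_BYTES) -> Tuple[int, int]:
    """Return (transmitted, dropped) for packets arriving at the given times.

    Tokens are kept in millibits (bits * 1000) so that cir_bps * elapsed_ms
    is exact integer arithmetic.
    """
    capacity = burst_bytes * 8 * 1000
    cost = size_bytes * 8 * 1000
    tokens, last_ms = capacity, None
    transmitted = dropped = 0
    for now in sorted(arrivals_ms):
        if last_ms is not None:
            # Refill for the elapsed time, never beyond the burst size.
            tokens = min(capacity, tokens + (now - last_ms) * cir_bps)
        last_ms = now
        if tokens >= cost:       # conform-action transmit
            tokens -= cost
            transmitted += 1
        else:                    # exceed-action drop
            dropped += 1
    return transmitted, dropped


def offered_bps(packet_count: int, duration_s: int,
                size_bytes: int = DHCP_FRAME_BYTES) -> int:
    """Average offered load in bits per second."""
    return packet_count * size_bytes * 8 // duration_s


# Constructed traffic, 10 seconds each.
SANE = range(0, 10_000, 200)    # 5 messages per second
STORM = range(0, 10_000, 2)     # 500 messages per second, close to a full T1

if __name__ == "__main__":
    for name, arrivals in (("sane", SANE), ("storm", STORM)):
        sent, lost = police(arrivals)
        print(f"{name}: offered {offered_bps(len(arrivals), 10)} bps, "
              f"transmitted {sent}, dropped {lost}")
```

The policer acts on the whole DHCP class, so during the storm a legitimate client's request is dropped at the same rate as the faulty device's. It keeps the WAN link usable while the source is tracked down.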

Thank you very much, Peter! That indeed helped. I was also able to identify the source of the problem, which was that a couple of Access Points were causing this issue.


Thanks for the help!!!