DELL N3000 User Manual

Snooping and Inspecting Traffic
re-enable the port. DAI rate limiting cannot be enabled on trusted interfaces. 
Use the no ip arp inspection limit command to disable diagnostic disabling 
of untrusted ports due to DAI.
Why Is Traffic Snooping and Inspection Necessary?
DHCP Snooping, IPSG, and DAI are security features that can help protect 
the switch and the network against various types of accidental or malicious 
attacks. Consider enabling these features on ports that provide network 
access to hosts in physically unsecured locations, or where network users 
connect nonstandard hosts to the network.
For example, if an employee unknowingly connects a workstation that runs an 
enabled DHCP server to the network, hosts that attempt to acquire network 
information from the legitimate network DHCP server might obtain incorrect 
information from the rogue DHCP server. However, if the workstation with the 
rogue DHCP server is connected to a port that is configured as untrusted and 
is a member of a DHCP Snooping-enabled VLAN, the port discards the DHCP 
server messages.
Default Traffic Snooping and Inspection Values
DHCP snooping is disabled globally and on all VLANs by default. Ports are 
untrusted by default.
Table 27-1. Traffic Snooping Defaults

Parameter                                     Default Value
DHCP snooping mode                            Disabled
DHCP snooping VLAN mode                       Disabled on all VLANs
Interface trust state                         Disabled (untrusted)
DHCP logging invalid packets                  Disabled
DHCP snooping rate limit                      15 packets per second
DHCP snooping burst interval                  1 second
DHCP snooping binding database storage        Local
DHCP snooping binding database write delay    300 seconds
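
The following added example (not code from the manual or from the switch firmware) models the rogue DHCP server scenario above using the Table 27-1 defaults. The port names, VLAN numbers, and traffic are constructed, and it is an assumption of this model that the rate limit applies only to untrusted ports and that exceeding it disables the port.

```python
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # DHCP messages only a server sends

@dataclass
class Port:
    name: str
    vlan: int
    trusted: bool = False        # Table 27-1: ports are untrusted by default
    rate_limit: int = 15         # Table 27-1: packets per second
    burst_interval: float = 1.0  # Table 27-1: seconds
    disabled: bool = False
    seen: list = field(default_factory=list)  # arrival times inside the window

def snoop(port, msg_type, now, snooping_vlans):
    """Decide what happens to one DHCP packet arriving on port at time now (s)."""
    if port.disabled:
        return "drop: port disabled"
    if port.vlan not in snooping_vlans or port.trusted:
        return "forward"  # VLAN is not snooped, or the port is trusted
    # Model assumption: more than rate_limit * burst_interval packets inside
    # one sliding burst interval disables the untrusted port.
    port.seen = [t for t in port.seen if now - t < port.burst_interval] + [now]
    if len(port.seen) > port.rate_limit * port.burst_interval:
        port.disabled = True
        return "drop: rate limit exceeded, port disabled"
    if msg_type in SERVER_TYPES:
        return "drop: server message on untrusted port"
    return "forward"

def demo():
    """Constructed traffic: VLAN 10 is snooped, VLAN 20 is not."""
    vlans = {10}
    uplink, desk = Port("uplink", 10, trusted=True), Port("desk", 10)
    lab, noisy = Port("lab", 20), Port("noisy", 10)
    out = {
        "legit_offer": snoop(uplink, "OFFER", 0.0, vlans),
        "client_discover": snoop(desk, "DISCOVER", 0.0, vlans),
        "rogue_offer": snoop(desk, "OFFER", 0.1, vlans),
        "unsnooped_vlan": snoop(lab, "OFFER", 0.0, vlans),
    }
    # 17 client packets 10 ms apart on one untrusted port
    out["flood"] = [snoop(noisy, "DISCOVER", i * 0.01, vlans) for i in range(17)]
    return out

if __name__ == "__main__":
    for case, action in demo().items():
        print(case, "->", action)
```

The "unsnooped_vlan" case shows why the trust setting alone is not enough: an untrusted port in a VLAN without DHCP snooping enabled still forwards server messages.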