It appears the answer is that it is unnecessary configuration. If DHCP snooping is not running on that VLAN, then this configuration has no effect.
I still couldn't find documentation that clearly states this, so I decided to test this myself.
Started off with DHCP snooping enabled for all VLANs and a rate limit of one (1) DHCP packet per second (assuming that the client will send the DISCOVER and REQUEST in one second if the DHCP server responds quickly enough):
router#show ip dhcp snoop
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1-4094
Insertion of option 82 is disabled
Interface Trusted Rate limit (pps)
------------------------ ------- ----------------
FastEthernet0/8 no 1
router#show run int fa 0/8
Building configuration...
Current configuration : 230 bytes
!
interface FastEthernet0/8
switchport access vlan 841
switchport mode access
ip dhcp snooping limit rate 1
shutdown
end
Time for the control test, which should err-disable the port, which is exactly what occurs in about a second after the port transitions to up/up:
router#term mon
router#config t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#int fa 0/8
router(config-if)#no shut
router(config-if)#
Feb 13 22:57:04.589 CST: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down
Feb 13 22:57:07.701 CST: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up
Feb 13 22:57:08.553 CST: %PM-4-ERR_DISABLE: dhcp-rate-limit error detected on Fa0/8, putting Fa0/8 in err-disable state
Feb 13 22:57:08.561 CST: %DHCP_SNOOPING-4-DHCP_SNOOPING_RATE_LIMIT_EXCEEDED: The interface Fa0/8 is receiving more than the threshold set
Feb 13 22:57:10.561 CST: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down
router(config-if)#shut
Since the control worked as expected, I now remove VLAN 841 from the DHCP snooping configuration and enable the port again. One minute later, I shut the port (to show the timestamp):
router(config-if)#no ip dhcp snooping vlan 841
router(config)#do sh ip dhcp snoop
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1-840,842-4094
Insertion of option 82 is disabled
Interface Trusted Rate limit (pps)
------------------------ ------- ----------------
FastEthernet0/8 no 1
router(config)#int fa 0/8
router(config-if)#no shut
router(config-if)#
Feb 13 22:58:49.150 CST: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down
Feb 13 22:58:52.290 CST: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up
Feb 13 22:58:53.290 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up
router(config-if)#shut
Feb 13 22:59:55.119 CST: %LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
Feb 13 22:59:56.119 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down
Repeated multiple times with the same results using the following:
- Three different client devices
- 2950 running 12.1(22)EA14
- 3750 running 12.2(55)SE8
Would still love for someone to find documentation for this though.
The basic process is quite simple. I'll only cover that and omit scenarios where several DHCP servers exist, error conditions crop up or discovery has to cross network boundaries.
- A new client on a network sends a DHCPDISCOVER via udp from
address 0.0.0.0 to 255.255.255.255:67 (broadcast, port 67).
- If there is at least one DHCP servers listining in the network segment
it responds with a DHCPOFFER to broadcast on port 68. DHCPOFFER
includes all required settings for the client.
- The client now sends DHCPREQUEST to the DHCP server, still using the anonymous
0.0.0.0 address.
- The contacted DHCP server replies with a DHCPACK, which signals to the client that it may use the provided details.
For more information on the DHCP packet content and what to do in error cases read the Wikipedia article: https://en.wikipedia.org/wiki/DHCP
Best Answer
Your access point are the controller based version, I.E. lightweight, that means they are supposed to connect to a Wireless Lan Controller ("WLC")
At startup the access points get an IP from DHCP then try (by several methods) to join a WLC. When they fell to do so, they reset their network interface and try again until they succeed.
You cannot use such AP (with this software) without a WLC.
They can be converted to autonomous (standalone) mode by uploading another software into the AP. The easiest way to do so is... ...from a WLC, and it requires that you do have the software available (trough a Cisco support contract).
Such AP have in their product name either "L" (for "LightWeight") or a "C" (for "CAPWAP based").
A standalone AP (without L or C in the name) may have been converted to lightweight mode. In this case the original software may still be present in flash, and you can reconfigure the AP to boot from the original software rather than the lightweight one.