Dhcp snooping, Dhcp snooping 8 – Brocade BigIron RX Series Configuration Guide User Manual
Page 1166
1088
BigIron RX Series Configuration Guide
53-1002484-04
DHCP snooping
36
DHCP snooping
NOTE
This feature is only supported on Layer 3 code.
Dynamic Host Configuration Protocol (DHCP) snooping enables the Brocade device to filter
untrusted DHCP packets in a subnet. DHCP snooping can ward off MiM attacks, such as a
malicious user posing as a DHCP server sending false DHCP server reply packets with the intention
of misdirecting other users. DHCP snooping can also stop unauthorized DHCP servers and prevent
errors due to user mis-configuration of DHCP servers.
Often DHCP snooping is used together with Dynamic ARP Inspection and IP Source Guard.
TABLE 179
show arp command
This field...
Displays....
IP Address
The IP address of the device.
MAC Address
The MAC address of the device.
Age
The ARP Age, which can be one of the following:
•
The number of minutes the entry has remained
unused. If this value reaches the ARP aging period
of 10 minutes, the entry is removed from the table.
•
The Inspect Pending entries are never removed
from the ARP Table and are displayed in seconds
not minutes.
•
The Inspect Valid entries are displayed in minutes
and after 10 minutes of aging may be changed
from Valid to Pending.
•
The DHCP age is in the form of x/y where x
represents the ARP age in minutes and y
represents the lease time remaining of the client.
NOTE: Static entries do not age out.
Port
This field shows the port on which the entry was
learned.
Type
The ARP type, which can be one of the following:
•
Dynamic – The Layer 3 Switch learned the entry
from an incoming packet on a trusted port.
•
Inspect (Inspection ARP) – The entry from a
statically configured IP/MAC mapping, where the
port was initially unspecified.
•
Dhcp (DHCP-Snooping ARP) – The Layer 3 Switch
learned the entry from DHCP.
Status
The status, which can be one of the following:
•
Valid – The ARP entry was resolved with the
correct IP/MAC mapping. Static ARP entries are
always valid.
•
Pending – The ARP entry is not yet resolved.