Dhcp snooping commands, Ip dhcp snooping, Table 22-4 – Edge Products ES3528-WDM User Manual
Page 377: Ip dhcp snooping (22-7)
DHCP Snooping Commands
22-7
22
DHCP Snooping Commands
DHCP snooping allows a switch to protect a network from rogue DHCP servers or
other devices which send port-related information to a DHCP server. This
information can be useful in tracking an IP address back to a physical port. This
section describes commands used to configure DHCP snooping.
ip dhcp snooping
This command enables DHCP snooping globally. Use the no form to restore the
default setting.
Syntax
[no] ip dhcp snooping
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• Network traffic may be disrupted when malicious DHCP messages are
received from an outside source. DHCP snooping is used to filter DHCP
messages received on an unsecure interface from outside the network or
firewall. When DHCP snooping is enabled globally by this command, and
enabled on a VLAN interface by the ip dhcp snooping vlan command
(page 22-9), DHCP messages received on an untrusted interface (as
specified by the no ip dhcp snooping trust command, page 22-12) from a
device not listed in the DHCP snooping table will be dropped.
Table 22-4 DHCP Snooping Commands
Command
Function
Mode
Page
ip dhcp snooping
Enables DHCP snooping globally
GC
ip dhcp snooping
vlan
Enables DHCP snooping on the specified VLAN
GC
ip dhcp snooping
binding
Adds a static address to the DHCP snooping table
GC
ip dhcp snooping
verify mac-address
Verifies the client’s hardware address stored in the DHCP packet
against the source MAC address in the Ethernet header
GC
ip dhcp snooping
database flash
Writes all dynamically learned snooping entries to flash memory
GC
ip dhcp snooping
trust
Configures the specified interface as trusted
IC
show ip dhcp
snooping
Shows the DHCP snooping configuration settings
PE
show ip dhcp
snooping binding
Shows the DHCP snooping binding table entries
PE