DHCP Snooping Commands – Fortinet 548B User Manual


<slot/port> - Interface Number.

Default Setting

None

Command Mode

Privileged Exec

Display Message

Cable Status: One of the following statuses is returned:

Normal: The cable is working correctly.

Open: The cable is disconnected or there is a faulty connector.

Short: There is an electrical short in the cable.

Cable Test Failed: The cable status could not be determined. The cable may in fact be working.

Cable Length: If this feature is supported by the PHY for the current link speed, the cable length is
displayed as a range between the shortest estimated length and the longest estimated length. Note
that if the link is down and a cable is attached to a 10/100 Ethernet adapter, then the cable status
may display as Open or Short because some Ethernet adapters leave unused wire pairs
unterminated or grounded. Unknown is displayed if the cable length could not be determined.

7.18 DHCP Snooping Commands

DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP
servers to filter harmful DHCP messages and to build a bindings database of {MAC address, IP address,
VLAN ID, port} tuples that are considered authorized. You can enable DHCP snooping globally and on
specific VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCP servers must be
reached through trusted ports.

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type,
VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it
does not contain information regarding hosts interconnected with a trusted interface. An untrusted
interface is an interface that is configured to receive messages from outside the network or firewall. A
trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way
to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected
to the DHCP server or another switch.

DHCP snooping enforces the following security rules:

DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK,
DHCPRELEASEQUERY) are dropped if received on an untrusted port.
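
The following Python model is an added example, not code from the manual or from the switch firmware. It shows how the trusted/untrusted port rule above and the bindings database fit together. The class and field names, the sample traffic, the "dynamic" binding type value, and the choice to learn a binding when a trusted DHCPACK arrives are assumptions made for illustration.

```python
from dataclasses import dataclass
# Server-originated message types named in the rule above.
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK", "DHCPRELEASEQUERY"}

@dataclass(frozen=True)
class DhcpMsg:                 # constructed, simplified view of a DHCP frame
    msg_type: str
    port: str                  # ingress slot/port
    vlan: int
    mac: str                   # client hardware address
    ip: str = ""               # address offered/acknowledged by the server
    lease: int = 0             # lease time in seconds

class Snooper:                 # hypothetical model of the snooping filter
    def __init__(self, trusted_ports, snooped_vlans):
        self.trusted = set(trusted_ports)
        self.vlans = set(snooped_vlans)
        self.pending = {}      # (mac, vlan) -> untrusted port the client asked from
        self.bindings = {}     # (mac, vlan) -> authorized binding

    def process(self, m):      # returns "forward" or "drop" for one message
        if m.vlan not in self.vlans:
            return "forward"   # snooping is not enabled on this VLAN
        key = (m.mac, m.vlan)
        if m.msg_type in SERVER_TYPES:
            if m.port not in self.trusted:
                return "drop"  # server message received on an untrusted port
            # Assumption: learn the binding when a trusted DHCPACK answers a known client.
            if m.msg_type == "DHCPACK" and key in self.pending:
                self.bindings[key] = {"ip": m.ip, "lease": m.lease, "type": "dynamic",
                                      "vlan": m.vlan, "port": self.pending[key]}
        elif m.port not in self.trusted:
            self.pending[key] = m.port   # remember where the client is attached
        return "forward"

def demo():
    sw = Snooper(trusted_ports={"0/1"}, snooped_vlans={10})
    mac = "00:11:22:33:44:55"
    traffic = [                # constructed sample traffic
        DhcpMsg("DHCPDISCOVER", "0/5", 10, mac),
        DhcpMsg("DHCPOFFER", "0/7", 10, mac, "10.66.0.9", 60),    # unauthorized server
        DhcpMsg("DHCPOFFER", "0/1", 10, mac, "192.0.2.25", 3600),
        DhcpMsg("DHCPREQUEST", "0/5", 10, mac),
        DhcpMsg("DHCPACK", "0/7", 10, mac, "10.66.0.9", 60),      # unauthorized server
        DhcpMsg("DHCPACK", "0/1", 10, mac, "192.0.2.25", 3600),
        DhcpMsg("DHCPOFFER", "0/7", 20, mac, "10.66.0.9", 60),    # VLAN 20 is not snooped
    ]
    return [sw.process(m) for m in traffic], sw.bindings
```

The last message in the sample is forwarded because VLAN 20 is not in the snooped set, which is why snooping has to be enabled on every VLAN that carries client ports.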
