1 show commands, 1 show ip dhcp snooping, 2 show ip dhcp snooping binding – Fortinet 548B User Manual

- 343 -



DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the
snooping database, but the binding's interface is other than the interface where the message
was received.



On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not
match the client hardware address. This feature is a configurable option.

The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. DHCP
snooping is enabled on a port if (a) DHCP snooping is enabled globally, and (b) the port is a member of a
VLAN where DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP
packets to the CPU. On trusted ports, the hardware forwards client messages and copies server
messages to the CPU so that DHCP snooping can learn the binding.

7.18.1

Show Commands

7.18.1.1 show ip dhcp snooping

This command displays the DHCP Snooping global configurations and per port configurations.

Syntax

show ip dhcp snooping

Default Setting

None

Command Mode

Privileged Exec

Display Message

Interface: The interface for which data is displayed.

Trusted: If it is enabled, DHCP snooping considers the port as trusted. The factory default is
disabled.

Log Invalid Pkts: If it is enabled, DHCP snooping application logs invalid packets on the specified
interface.

7.18.1.2 show ip dhcp snooping binding

This command displays the DHCP Snooping binding entries. To restrict the output, use the following
options:



Dynamic: Restrict the output based on DCHP snooping.



Interface: Restrict the output based on a specific interface.



Static: Restrict the output based on static entries.



VLAN: Restrict the output based on VLAN.