Ip dhcp snooping vlan, E ip dhcp snooping vlan comman – LevelOne FGL-2870 User Manual

Command Line Interface

4-180

4

MAC address verification is enabled, then the packet will only be
forwarded if the client’s hardware address stored in the DHCP packet is
the same as the source MAC address in the Ethernet header.

* If the DHCP packet is not a recognizable type, it is dropped.

- If a DHCP packet from a client passes the filtering criteria above, it will only

be forwarded to trusted ports in the same VLAN.

- If a DHCP packet is from server is received on a trusted port, it will be

forwarded to both trusted and untrusted ports in the same VLAN.

• If the DHCP snooping is globally disabled, all dynamic bindings are removed

from the binding table.

• Additional considerations when the switch itself is a DHCP client – The port(s)

through which the switch submits a client request to the DHCP server must be
configured as trusted (ip dhcp snooping trust, page 4-181). Note that the
switch will not add a dynamic entry for itself to the binding table when it
receives an ACK message from a DHCP server. Also, when the switch sends
out DHCP client packets for itself, no filtering takes place. However, when the
switch receives any messages from a DHCP server, any packets received
from untrusted ports are dropped.

Example
This example enables DHCP snooping globally for the switch.

Related Commands

ip dhcp snooping vlan (4-180)
ip dhcp snooping trust (4-181)

ip dhcp snooping vlan

This command enables DHCP snooping on the specified VLAN. Use the no form to
restore the default setting.

Syntax

[no] ip dhcp snooping vlan vlan-id

vlan-id - ID of a configured VLAN (Range: 1-4094)

Default Setting

Disabled

Command Mode

Global Configuration

Command Usage

• When DHCP snooping enabled globally using the ip dhcp snooping

command (page 4-179), and enabled on a VLAN with this command, DHCP

Console(config)#ip dhcp snooping
Console(config)#