Ip dhcp snooping verify mac-address, Ip dhcp snooping verify, Mac-address – LevelOne GTL-2691 User Manual

C

HAPTER

29

| General Security Measures

DHCP Snooping

– 951 –

policy for these packets. The switch can either drop the DHCP packets,

keep the existing information, or replace it with the switch’s relay

information.

E

XAMPLE

Console(config)#ip dhcp snooping information policy drop

Console(config)#

ip dhcp snooping

verify mac-address

This command verifies the client’s hardware address stored in the DHCP

packet against the source MAC address in the Ethernet header. Use the no

form to disable this function.

S

YNTAX

[no] ip dhcp binding verify mac-address

D

EFAULT

S

ETTING

Enabled

C

OMMAND

M

ODE

Global Configuration

C

OMMAND

U

SAGE

If MAC address verification is enabled, and the source MAC address in the

Ethernet header of the packet is not same as the client’s hardware address

in the DHCP packet, the packet is dropped.

E

XAMPLE

This example enables MAC address verification.

Console(config)#ip dhcp snooping verify mac-address

Console(config)#

R

ELATED

C

OMMANDS

ip dhcp snooping (947)

ip dhcp snooping vlan (952)

ip dhcp snooping trust (952)