Clear ip dhcp snooping binding, Clear ip dhcp snooping, Binding – LevelOne GTL-2691 User Manual

C

HAPTER

29

| General Security Measures

DHCP Snooping

– 953 –

C

OMMAND

M

ODE

Interface Configuration (Ethernet, Port Channel)

C

OMMAND

U

SAGE

◆

A trusted interface is an interface that is configured to receive only

messages from within the network. An untrusted interface is an

interface that is configured to receive messages from outside the

network or fire wall.

◆

Set all ports connected to DHCP servers within the local network or fire

wall to trusted, and all other ports outside the local network or fire wall

to untrusted.

◆

When DHCP snooping ia enabled globally using the

ip dhcp snooping

command, and enabled on a VLAN with

ip dhcp snooping vlan

command, DHCP packet filtering will be performed on any untrusted

ports within the VLAN according to the default status, or as specifically

configured for an interface with the no ip dhcp snooping trust

command.

◆

When an untrusted port is changed to a trusted port, all the dynamic

DHCP snooping bindings associated with this port are removed.

◆

Additional considerations when the switch itself is a DHCP client – The

port(s) through which it submits a client request to the DHCP server

must be configured as trusted.

E

XAMPLE

This example sets port 5 to untrusted.

Console(config)#interface ethernet 1/5

Console(config-if)#no ip dhcp snooping trust

Console(config-if)#

R

ELATED

C

OMMANDS

ip dhcp snooping (947)

ip dhcp snooping vlan (952)

clear ip dhcp

snooping binding

This command clears DHCP snooping binding table entries from RAM. Use

this command without any optional keywords to clear all entries from the

binding table.

S

YNTAX

clear ip dhcp snooping binding [mac-address vlan vlan-id]

mac-address - Specifies a MAC address entry.

(Format: xx-xx-xx-xx-xx-xx)
vlan-id - ID of a configured VLAN (Range: 1-4093)