Ip dhcp snooping verify mac-address, Ip dhcp snooping vlan, Ip dhcp snooping verify – Microsens MS453490M Management Guide User Manual
Page 665: Mac-address, Ip dhcp snooping vlan (665)
C
HAPTER
25
| General Security Measures
DHCP Snooping
– 665 –
ip dhcp snooping
verify mac-address
This command verifies the client’s hardware address stored in the DHCP
packet against the source MAC address in the Ethernet header. Use the no
form to disable this function.
S
YNTAX
[no] ip dhcp binding verify mac-address
D
EFAULT
S
ETTING
Enabled
C
OMMAND
M
ODE
Global Configuration
C
OMMAND
U
SAGE
If MAC address verification is enabled, and the source MAC address in the
Ethernet header of the packet is not same as the client’s hardware address
in the DHCP packet, the packet is dropped.
E
XAMPLE
This example enables MAC address verification.
Console(config)#ip dhcp snooping verify mac-address
Console(config)#
R
ELATED
C
OMMANDS
ip dhcp snooping
vlan
This command enables DHCP snooping on the specified VLAN. Use the no
form to restore the default setting.
S
YNTAX
[no] ip dhcp snooping vlan vlan-id
vlan-id - ID of a configured VLAN (Range: 1-4093)
D
EFAULT
S
ETTING
Disabled
C
OMMAND
M
ODE
Global Configuration
C
OMMAND
U
SAGE
◆
When DHCP snooping enabled globally using the
command, and enabled on a VLAN with this command, DHCP packet
filtering will be performed on any untrusted ports within the VLAN as
specified by the
command.