Ip dhcp snooping verify mac-address – PLANET SGSD-1022 User Manual

User’s Manual of SGSD-1022 / SGSD-1022P

SGSW-2840 / SGSW-2840P

Command Mode

Interface Configuration (Ethernet, Port Channel)

Command Usage

A trusted interface is an interface that is configured to receive only messages from within the network. An untrusted

interface is an interface that is configured to receive messages from outside the network or firewall.

Set all ports connected to DHCP servers within the local network or firewall to trusted, and all other ports outside the local

network or firewall to untrusted.

When DHCP snooping ia enabled globally using the ip dhcp snooping command (page 4-146), and enabled on a VLAN

with ip dhcp snooping vlan command (page 4-148), DHCP packet filtering will be performed on any untrusted ports within

the VLAN according to the default status, or as specifically configured for an interface with the no ip dhcp snooping trust

command.

When an untrusted port is changed to a trusted port, all the dynamic DHCP snooping bindings associated with this port

are removed.

Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client request to

the DHCP server must be configured as trusted.

Example

This

Example

sets port 5 to untrusted.

Console(config)#interface ethernet 1/5

Console(config-if)#no ip dhcp snooping trust

Console(config-if)#

Related Commands

ip dhcp snooping

ip dhcp snooping vlan

ip dhcp snooping verify mac-address

This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the

Ethernet header. Use the no form to disable this function.

Syntax

[no] ip dhcp snooping verify mac-address

Default Setting

Enabled

Command Mode

Global Configuration

494