DHCPv4 snooping max-binding
DHCP snooping max-binding prevents binding entries from being exhausted. The feature works on a per-port basis: it restricts the maximum number of bindings allowed on a port or interface, and it applies to untrusted interfaces only. The maximum for a port covers both statically configured and dynamically learned bindings. The switch maintains the number of bindings per port, incrementing it upon a lease offer and decrementing it upon a lease expiry or release.
DHCP snooping max-binding can be configured in the configuration context or in the interface context of an untrusted interface. In the configuration context, select the port or list of ports for which max-binding is to be configured, then provide the max-binding value, within the range 1-8192. In the interface context, select the interface on which max-binding is to be configured, then provide the max-binding value, within the same range of 1-8192. The max-binding configuration for a port can be removed using the no form of the command. max-binding cannot be set on trusted ports or on ports whose associated VLAN is not DHCP-snooping enabled. Once the max-bindings limit on an interface is reached, packets for DHCP clients that do not have a binding entry are dropped.
Syntax:
dhcp-snooping max-bindings [PORT-LIST][MAX-BINDING-NUM]
Configures the maximum number of bindings on the specified ports. The default maximum number of bindings is 8192. The allowed range on a port is 1 to 8192.
Syntax:
dhcp-snooping <trust|max-bindings>[1-8192]
no dhcp-snooping <trust|max-bindings>[1-8192]
Configures the maximum binding value on a port. Only this number of clients is allowed on the port. The no form of this command removes max-binding from the configuration and resets the value to the default of 8192.
Syntax:
show dhcp-snooping
Show all available dhcp-snooping information.
Example:
switch(config)#show dhcp-snooping

 DHCP Snooping Information

  DHCP Snooping : Yes

                 Max       Current Bindings
  Port   Trust   Bindings  Static   Dynamic
  _____  ______  ________  _______  _________
  1      Yes     -         -        -
  2      No      200       10       3
  3      No      3*        3        6
  4      No      5*        23       0
  5      No      -         -        -
  6      No      -         -        -
  7      No      -         -        -
  8      No      -         -        -
  9      No      -         -        -
  10     No      -         -        -
  11     Yes     -         -        -
  12     Yes     -         -        -
  13     No      -         -        -
  14     No      -         -        -
  15     No      -         -        -
  16     No      -         2        8
  17     No      21        12       24
  18     Yes     -         -        -
  19     No      -         -        -
  20     No      -         -        -
  21     No      -         -        -
  22     No      -         -        -
  23     No      -         -        -
  24     Yes     -         -        -
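The following Python sketch is an added example, not part of the vendor documentation. It parses `show dhcp-snooping` output and reports untrusted ports whose static plus dynamic bindings have reached the configured maximum, or that hold bindings with no explicit limit. The sample rows are taken from the output above; the function names, the reading of `-` as "no explicit limit, default 8192 applies", and the handling of the unexplained `*` marker are assumptions.

```python
import re

# Constructed sample: a subset of the rows shown in the page's example output.
SAMPLE = """\
  Port   Trust   Bindings  Static   Dynamic
  _____  ______  ________  _______  _________
  1      Yes     -         -        -
  2      No      200       10       3
  3      No      3*        3        6
  4      No      5*        23       0
  16     No      -         2        8
  17     No      21        12       24
"""

DEFAULT_MAX = 8192  # default max-bindings value stated on the page
ROW = re.compile(r"^\s*(\S+)\s+(Yes|No)\s+(-|\d+\*?)\s+(-|\d+)\s+(-|\d+)\s*$")

def _count(value):
    """A '-' in a count column is read as zero bindings."""
    return 0 if value == "-" else int(value)

def parse_bindings(text):
    """Return one dict per port row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        port, trust, limit, static, dynamic = m.groups()
        rows.append({
            "port": port,
            "trusted": trust == "Yes",
            "explicit_limit": limit != "-",
            # Assumption: '-' means no explicit limit, so the default applies.
            "limit": DEFAULT_MAX if limit == "-" else int(limit.rstrip("*")),
            "starred": limit.endswith("*"),  # marker kept; the page does not define it
            "current": _count(static) + _count(dynamic),  # limit covers both kinds
        })
    return rows

def audit(rows):
    """Map port -> finding for untrusted ports that need review."""
    findings = {}
    for r in rows:
        if r["trusted"]:
            continue  # max-bindings applies to untrusted ports only
        if r["current"] >= r["limit"]:
            findings[r["port"]] = "at-or-over-limit"  # new clients will be dropped
        elif not r["explicit_limit"] and r["current"] > 0:
            findings[r["port"]] = "no-explicit-limit"
    return findings
```

A port reported as at-or-over-limit is one where clients without a binding entry are already being dropped, which the "failed on max-binding limit" counter in `show dhcp-snooping stats` should confirm.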
Syntax:
show dhcp-snooping stats
Shows the dhcp-snooping statistics.
switch(config)#show dhcp-snooping stats

  Packet type  Action   Reason                        Count
  -----------  -------  ----------------------------  ---------
  server       forward  from trusted port             0
  client       forward  to trusted port               0
  server       drop     received on untrusted port    0
  server       drop     unauthorized server           0
  client       drop     destination on untrusted port 0
  client       drop     untrusted option 82 field     0
  client       drop     bad DHCP release request      0
  client       drop     failed verify MAC check       0
  client       drop     failed on max-binding limit   0