Enabling DHCP snooping
DHCP snooping is enabled globally by entering this command:
switch(config)# dhcp-snooping
Use the no form of the command to disable DHCP snooping.
Syntax:
dhcp-snooping [authorized-server|database|option|rate-limit|trust|verify|vlan]
no dhcp-snooping [authorized-server|database|option|rate-limit|trust|verify|vlan]
- authorized-server
Enter the IP address of a trusted DHCP server. If no authorized servers are configured, all DHCP server addresses are considered valid. Maximum: 20 authorized servers.
- database
To configure a location for the lease database, enter a URL in the format tftp://ip-addr/ascii-string. The maximum number of characters for the URL is 63.
- option
Add relay information option (Option 82) to DHCP client packets that are being forwarded out trusted ports. The default is yes, add relay information.
- rate-limit
Configures the DHCP packet transfer rate in pps for dhcp-snooping.
- trust
Configure trusted ports. Only server packets received on trusted ports are forwarded. Default: untrusted.
- verify
Enables DHCP packet validation. The DHCP client hardware address field and the source MAC address must be the same for packets received on untrusted ports or the packet is dropped. Default: Yes.
- vlan
Enable DHCP snooping on a VLAN. DHCP snooping must be enabled already. Default: No.
To display the DHCP snooping configuration, enter this command:
switch(config)# show dhcp-snooping
Output for the show dhcp-snooping command
switch(config)# show dhcp-snooping

 DHCP Snooping Information

  DHCP Snooping              : Yes
  Enabled Vlans              :
  Verify MAC                 : Yes
  Option 82 untrusted policy : drop
  Option 82 Insertion        : Yes
  Option 82 remote-id        : mac
  Store lease database       : Not configured
  Rate-Limit (PPS)           : 150

               Max       Current Bindings
  Port  Trust  Bindings  Static  Dynamic
  ----- -----  -------   ------  -------

  Ports A3-A8,B1-B24,C1-C8,Trk1 are untrusted
To display statistics about the DHCP snooping process, enter this command:
switch(config)# show dhcp-snooping stats
An example of the output is shown below.
Output for the show DHCP snooping statistics command
switch(config)# show dhcp-snooping stats

 Packet type  Action   Reason                        Count
 -----------  -------  ----------------------------  -----
 server       forward  from trusted port             8
 client       forward  to trusted port               8
 server       drop     received on untrusted port    2
 server       drop     unauthorized server           0
 client       drop     destination on untrusted port 0
 client       drop     untrusted option 82 field     0
 client       drop     bad DHCP release request      0
 client       drop     failed verify MAC check       0
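For monitoring, the drop counters in this output are the ones worth watching. The following is an added example, not part of the original documentation or the switch software: a Python parser that reads the stats table and reports non-zero drop rows. The sample text is the output shown above, and the reason-to-option mapping is an assumption drawn from the option descriptions on this page.

```python
import re

# Sample input: the `show dhcp-snooping stats` output shown on this page.
SAMPLE = """\
 Packet type  Action   Reason                        Count
 -----------  -------  ----------------------------  -----
 server       forward  from trusted port             8
 client       forward  to trusted port               8
 server       drop     received on untrusted port    2
 server       drop     unauthorized server           0
 client       drop     destination on untrusted port 0
 client       drop     untrusted option 82 field     0
 client       drop     bad DHCP release request      0
 client       drop     failed verify MAC check       0
"""

ROW = re.compile(r"^\s*(server|client)\s+(forward|drop)\s+(.+?)\s+(\d+)\s*$")

# Assumed mapping (added here): which dhcp-snooping keyword governs each drop reason.
RELATED_OPTION = {
    "received on untrusted port": "trust",
    "unauthorized server": "authorized-server",
    "untrusted option 82 field": "option",
    "failed verify MAC check": "verify",
}

def parse_stats(text):
    """Return (packet_type, action, reason, count) for every data row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)  # header and separator lines do not match
        if m:
            rows.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return rows

def nonzero_drops(text):
    """Return drop rows with a count above zero, with the related keyword."""
    return [
        {"type": t, "reason": r, "count": c, "option": RELATED_OPTION.get(r)}
        for t, a, r, c in parse_stats(text)
        if a == "drop" and c > 0
    ]

if __name__ == "__main__":
    for hit in nonzero_drops(SAMPLE):
        print(hit)
```

On the sample, the only hit is the two server packets dropped on an untrusted port, meaning a DHCP server is answering from a port that has not been configured with trust.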