Filter
Top Products
DHCP Snooping Commands
4-317
4
Example
DHCP Snooping Commands
DHCP snooping allows a switch to protect a network from rogue DHCP servers or
other devices which send port-related information to a DHCP server. This
information can be useful in tracking an IP address back to a physical port. This
section describes commands used to configure DHCP snooping.
ip dhcp snooping
This command enables DHCP snooping globally. Use the no form to restore the
default setting.
Syntax
[no] ip dhcp snooping
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• Network traffic may be disrupted when malicious DHCP messages are
received from an outside source. DHCP snooping is used to filter DHCP
Console#show ip source-guard binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
----------------- --------------- ---------- -------------------- ---- ---------
11-22-33-44-55-66 192.168.0.99 0 Static 1 Eth 1/5
Console#
Table 4-85 DHCP Snooping Commands
Command Function Mode Page
ip dhcp snooping Enables DHCP snooping globally GC 4-317
ip dhcp snooping vlan Enables DHCP snooping on the specified VLAN GC 4-319
ip dhcp snooping trust Configures the specified interface as trusted IC 4-320
ip dhcp snooping verify
mac-address
Verifies the client’s hardware address stored in the DHCP
packet against the source MAC address in the Ethernet header
GC 4-321
ip dhcp snooping
information option
Enables or disables DHCP Option 82 information relay GC 4-321
ip dhcp snooping
information policy
Sets the information option policy for DHCP client packets that
include Option 82 information
GC 4-322
ip dhcp snooping
database flash
Writes all dynamically learned snooping entries to flash
memory
GC 4-323
show ip dhcp snooping Shows the DHCP snooping configuration settings PE 4-323
show ip dhcp snooping
binding
Shows the DHCP snooping binding table entries PE 4-324