Configuring DHCP Relay Configuring DHCP Security Features
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-21
Note that it is necessary to configure ports that are connected to DHCP servers within the network and/or
firewall as trusted ports so that necessary DHCP traffic to/from the server is not blocked. Configuring the port
mode as trusted also identifies the device connected to that port as a trusted device within the network.
Configuring the DHCP Snooping Binding Table
The DHCP Snooping binding table is automatically enabled when DHCP Snooping is enabled at either the
switch or VLAN level. This table is used by DHCP Snooping to filter DHCP traffic that is received on
untrusted ports.
Entries are made in this table when the relay agent receives a DHCPACK packet from a trusted DHCP
server. The agent extracts the client information, populates the binding table with the information and then
forwards the DHCPACK packet to the port where the client request originated.
To enable or disable the DHCP Snooping binding table, use the ip helper dhcp-snooping binding
command. For example:
-> ip helper dhcp-snooping binding enable
-> ip helper dhcp-snooping binding disable
Note that enabling the binding table functionality is not allowed if Option-82 data insertion is not enabled
at either the switch or VLAN level.
In addition, it is also possible to configure static binding table entries. This type of entry is created using
available ip helper dhcp-snooping binding command parameters to define the static entry. For example,
the following command creates a static DHCP client entry:
-> ip helper dhcp-snooping binding 00:2a:95:51:6c:10 port 1/15 address 17.15.3.10 lease-time 3 vlan 200
To remove a static binding table entry, use the no form of the ip helper dhcp-snooping binding
command. For example:
-> no ip helper dhcp-snooping binding 00:2a:95:51:6c:10 port 1/15 address 17.15.3.10 lease-time 3 vlan 200
To view the DHCP Snooping binding table contents, use the show ip helper dhcp-snooping binding
command. See the OmniSwitch CLI Reference Guide for example outputs of this command.
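The following added example (not from the guide) replays static binding commands in the syntax shown above and flags malformed fields and an address bound to two MAC addresses in the same VLAN, so that a batch of entries can be checked before it is entered on a switch. The function name, the sample lines other than the guide's own entry, and the (vlan, mac) table key are assumptions of this example, not documented switch behaviour.

```python
import ipaddress
import re

# Static-entry syntax as shown in the guide, with the optional "no" form.
STATIC_RE = re.compile(
    r"^(?:->\s*)?(?P<no>no\s+)?ip helper dhcp-snooping binding\s+(?P<mac>\S+)"
    r"\s+port\s+(?P<port>\S+)\s+address\s+(?P<ip>\S+)"
    r"\s+lease-time\s+(?P<lease>\S+)\s+vlan\s+(?P<vlan>\S+)$")
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
PORT_RE = re.compile(r"^\d+/\d+$")

# Constructed sample input: the guide's entry plus invented conflicting lines.
SAMPLE = """\
-> ip helper dhcp-snooping binding enable
-> ip helper dhcp-snooping binding 00:2a:95:51:6c:10 port 1/15 address 17.15.3.10 lease-time 3 vlan 200
-> ip helper dhcp-snooping binding 00:2a:95:51:6c:11 port 1/16 address 17.15.3.10 lease-time 3 vlan 200
-> ip helper dhcp-snooping binding 00:2a:95:51:6c:1 port 1/17 address 17.15.3.12 lease-time 3 vlan 200
-> no ip helper dhcp-snooping binding 00:2a:95:51:6c:10 port 1/15 address 17.15.3.10 lease-time 3 vlan 200
-> ip helper dhcp-snooping binding timeout 600
"""


def audit_static_bindings(config_text):
    """Replay static binding commands in order; return (table, findings)."""
    table = {}  # (vlan, mac) -> (port, ip); this keying is the example's assumption
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = STATIC_RE.match(raw.strip())
        if not m:
            continue  # enable/disable/timeout lines are not static entries
        mac, port, ip, vlan = m["mac"].lower(), m["port"], m["ip"], m["vlan"]
        try:
            ipaddress.IPv4Address(ip)
            ok = bool(MAC_RE.match(mac) and PORT_RE.match(port)
                      and (m["lease"] + vlan).isdigit())
        except ValueError:
            ok = False
        if not ok:
            findings.append((lineno, "malformed field in static binding"))
            continue
        if m["no"]:
            if table.pop((vlan, mac), None) is None:
                findings.append((lineno, "'no' form for an entry never created"))
            continue
        for (v, other), (_, other_ip) in table.items():
            if v == vlan and other_ip == ip and other != mac:
                findings.append((lineno, f"{ip} already bound to {other} in vlan {vlan}"))
        table[(vlan, mac)] = (port, ip)
    return table, findings
```

Calling audit_static_bindings(SAMPLE) reports the duplicate address on line 3 and the truncated MAC address on line 4 of the sample.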
Configuring the Binding Table Timeout
The contents of the DHCP Snooping binding table reside in the switch memory. In order to preserve table
entries across switch reboots, the table contents are automatically saved to the dhcpBinding.db file located
in the /flash/switch directory.
The amount of time, in seconds, between each automatic save is referred to as the binding table timeout
value. By default, the timeout value is 300 seconds. To configure this value, use the
ip helper dhcp-snooping binding timeout command. For example, the following command sets the timeout
value to 600 seconds:
-> ip helper dhcp-snooping binding timeout 600
Each time an automatic save is performed, the dhcpBinding.db file is time stamped.