Filter
Top Products
2-475
Catalyst 6500 Series Switch Command Reference—Release 8.4
OL-6244-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set port dhcp-snooping
set port dhcp-snooping
To enable DHCP trust and IP Source Guard on a per-port basis, use the set port dhcp-snooping
command.
set port dhcp-snooping mod/ports {trust | source-guard} {enable | disable}
Syntax Description
Defaults Trust and source-guard are disabled.
Command Types Switch command.
Command Modes Privileged.
Usage Guidelines If you enter the set port dhcp-snooping mod/ports trust disable command, the DHCP snooping feature
performs checks on packets coming from the ports that you specify. If you enter the enable keyword, the
feature trusts the packets from those ports and does not perform checks.
If you enter the set port dhcp-snooping mod/ports source-guard enable command, the IP addresses
learned through DHCP snooping are the only source IP addresses allowed on incoming traffic. All
packets that contain other IP addresses are dropped. If a new binding is added, the IP address associated
with that binding is added to the port. If a binding is deleted, the IP address associated with that binding
is removed from the port.
If DHCP snooping is disabled on a VLAN, the bindings for that VLAN are deleted.
If you enable IP Source Guard on a port, that port should be untrusted. Also, the security ACL mode
should be port-based or merge-mode, and no PACLs should be on the port.
IP source guard is supported only on the PFC3 or later.
Examples This example shows how to enable DHCP trust on port 2 of module 2:
Console> (enable) set port dhcp-snooping 2/2 trust enable
Port(s) 2/2 state set to trusted for DHCP Snooping.
Console> (enable)
This example shows how to enable IP source-guard on port 2 of module 2:
Console> (enable) set port dhcp-snooping 2/2 source-guard enable
Enabling IP Source Guard on port(s) 2/2.
Console> (enable)
mod/ports Number of the module and port or multiple ports.
trust Specifies the trust feature.
source-guard Specifies the IP Source-Guard feature.
enable Enables the specified DHCP-Snooping feature.
disable Disables the specified DHCP-Snooping feature.