Install guide
12 DHCP Snooping Release Note
Software Version 2.7.6
C613-10462-00 REV A
To disable Option 82, use the command:
disable dhcpsnooping option82
Note: If both DHCP snooping and Option 82 for DHCP snooping are enabled,
the BOOTP relay agent Option 82 is unavailable.
For more information about Option 82, see RFC 3046, DHCP Relay Agent
Information Option.
DHCP Snooping ARP Security
ARP security prevents ARP spoofing. ARP spoofing is when fake, or 'spoofed',
ARP messages are sent to an Ethernet LAN. These messages contain false MAC
addresses, confusing network devices.
When ARP security is enabled for DHCP snooping, the switch checks ARP
packets sourced from untrusted ports against the entries in the DHCP
snooping binding database. If it finds a matching entry, it forwards the ARP
packet as normal. If it does not find a matching entry, it drops the ARP packet.
This ensures that only trusted clients (with a recognised IP address) can
generate ARP packets into the network.
To enable DHCP snooping ARP security, use the command:
enable dhcpsnooping arpsecurity
To disable DHCP snooping ARP security, use the command:
disable dhcpsnooping arpsecurity
Note: ARP security is not applied to packets received on trusted ports.
ARP security is applied to both dynamic and static DHCP snooping entries.