Install guide
18 DHCP Snooping Release Note
Software Version 2.7.6
C613-10462-00 REV A
enable dhcpsnooping
Syntax ENAble DHCPSnooping
Description This command enables DHCP snooping on the switch. If the bindings.dsn file
exists, the switch checks it, and adds any current entries to the DHCP snooping
binding database. If the bindings.dsn file does not already exist, the switch
creates it. When you enable DHCP snooping, and valid dynamic leases exist,
the switch periodically writes the bindings.dsn file at every check interval. If
no valid leases exist, the file is deleted.
By default, all ports are considered untrusted.
For AT-8600, AT-8700XL, Rapier, and AT-8800 switches, by default the switch
drops all IP packets arriving on all untrusted ports. If the switch snoops a
dynamic DHCP IP allocation, it modifies the filtering behaviour of the
associated port. Instead of dropping all packets arriving on the port, it drops all
packets except those coming from the allocated IP address.
DHCP snooping is disabled by default.
Examples To enable DHCP snooping, use the command:
ena dhcps
enable dhcpsnooping arpsecurity
Syntax ENAble DHCPSnooping ARPSecurity
Description This command enables ARP security for DHCP snooping. When the switch
receives ARP packets on untrusted ports, it checks them to ensure that the
source IP in the ARP packet is consistent with the information stored in the
DHCP snooping binding database. It discards ARP packets that do not pass
this check.
DHCP snooping must also be enabled for this command to have any effect.
ARP security is disabled by default.
For more information about ARP security, see “DHCP Snooping ARP Security”
on page 12
Example To enable DHCP snooping ARP security, use the command:
ena dhcps arps