DCS-3950 series Ethernet switch manual
un-trusted port 0/0/1 of the DCN switch. It acts as a DHCP client, and its IP is 1.1.1.5; the
DHCP Server and Gateway connect to the trusted ports 0/0/11 and 0/0/12 of the DCN switch;
malicious user Mac-BB connects to the un-trusted port 0/0/10 and tries to fake a DHCP
Server (by sending DHCPACK). Configuring DHCP Snooping on the switch will effectively
discover and block such network attacks.
The configuration sequence is as follows:
switch#
switch#config
switch(Config)#ip dhcp snooping
switch(Config)#interface ethernet 0/0/11
switch(Config-Ethernet0/0/11)#ip dhcp snooping trust
switch(Config-Ethernet0/0/11)#exit
switch(Config)#interface ethernet 0/0/12
switch(Config-Ethernet0/0/12)#ip dhcp snooping trust
switch(Config-Ethernet0/0/12)#exit
switch(Config)#interface ethernet 0/0/1-10
switch(Config-Port-Range)#ip dhcp snooping action shutdown
switch(Config-Port-Range)#
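The trust decision configured above, replayed as an added example that is not taken from the manual or from DCN firmware: a simplified Python model in which server-originated DHCP messages are accepted only on trusted ports and trigger the configured shutdown action elsewhere. The class and function names, the client and server MAC labels, and the drop-without-shutdown fallback are assumptions of the model.

```python
# Simplified model of DHCP snooping port trust (illustrative, not DCN firmware logic).
SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}  # only a DHCP server sends these

def expand_ports(spec):
    """Expand '0/0/1-10' into ['0/0/1', ..., '0/0/10']; a single port yields itself."""
    prefix, _, last = spec.rpartition("/")
    if "-" not in last:
        return [spec]
    lo, hi = (int(n) for n in last.split("-"))
    return [f"{prefix}/{n}" for n in range(lo, hi + 1)]

class SnoopingSwitch:
    def __init__(self, trusted, shutdown_ranges):
        self.trusted = set(trusted)
        self.action = {p: "shutdown" for r in shutdown_ranges for p in expand_ports(r)}
        self.down = set()    # ports disabled by the defense action
        self.alarms = []     # (port, message type, source MAC) records

    def receive(self, port, msg_type, src_mac):
        """Return what the model does with a DHCP message arriving on `port`."""
        if port in self.down:
            return "port-down"
        if port in self.trusted or msg_type not in SERVER_MSGS:
            return "forward"  # trusted port, or ordinary client traffic
        # Server-originated message on an untrusted port: treat as a fake server.
        self.alarms.append((port, msg_type, src_mac))
        if self.action.get(port) == "shutdown":
            self.down.add(port)
            return "drop+shutdown"
        return "drop"         # assumption: no action configured means drop only

def run_scenario():
    """Replay the page's topology with constructed messages and MAC labels."""
    sw = SnoopingSwitch(trusted=["0/0/11", "0/0/12"], shutdown_ranges=["0/0/1-10"])
    events = [
        ("0/0/1", "DHCPDISCOVER", "client-mac"),  # client on untrusted port
        ("0/0/11", "DHCPOFFER", "server-mac"),    # real server on trusted port
        ("0/0/10", "DHCPACK", "Mac-BB"),          # fake server on untrusted port
        ("0/0/10", "DHCPACK", "Mac-BB"),          # repeat after the port is shut
        ("0/0/11", "DHCPACK", "server-mac"),      # real server still works
    ]
    return sw, [sw.receive(*e) for e in events]

if __name__ == "__main__":
    sw, results = run_scenario()
    print(results, sorted(sw.down), sw.alarms)
```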
19.3 DHCP Snooping Troubleshooting
19.3.1 Monitor and Debug Command List
19.3.1.1 show ip dhcp snooping
Command: show ip dhcp snooping [interface [ethernet] <interfaceName>]
Function: Display the current DHCP snooping configuration, or display the defense
action log of the specified port.
Parameters: <interfaceName>: the name of the specified port
Command mode: Admin Mode
Default: None
Usage Guide: If no port is specified, the current DHCP snooping configuration
information is displayed; otherwise, the records of defense actions of the
specified port are displayed.
Example: Switch#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping binding arp: disabled
DHCP Snooping maxnum of action info:10
DHCP Snooping limit rate: 100(pps), switch ID: 0003.0F12.3456
DHCP Snooping droped packets: 0, discarded packets: 0
DHCP Snooping alarm count: 0, binding count: 0,