Specifications

ManualsBrandsEnterasys ManualsNetworkingEnterasys SecureStack B2 B2G124-24

491

492

493

494

495

496

497

498

499

500

set dhcpsnooping binding

SecureStack B2 Configuration Guide 18-7

Defaults

Bydefault,portsareuntrusted.

Mode

Switchcommand,read‐write.

Usage

InorderforDHCPsnoopingtooperate,snoopinghastobeenabledgloballyandonspecific

VLANs,andtheportswithintheVLANshavetobeconfiguredastrustedoruntrusted.On

trustedports,DHCPclientmessagesareforwardeddirectlybythehardware.Onuntrustedports,

clientmessagesaregivento

theDHCPsnoopingapplication.

TheDHCPsnoopingapplicationbuildsthebindingsdatabasefromclientmessagesreceivedon

untrustedports.DHCPsnoopingcreatesa“tentativebinding”fromDHCPDISCOVERand

REQUESTmessages.Tent ativebindingstieaclienttotheportonwhichthemessagepacketwas

received.Tentativebindingsarecompletedwhen

DHCPsnoopinglearnstheclient’sIPaddress

fromaDHCPACKmessageonatrustedport.

TheportsontheswitchthroughwhichDHCPserversarereachedmustbeconfiguredastrusted

portssothatpacketsreceivedfromthoseportswillbeforwardedtoclients.DCHPpacketsfroma

DHCP

server(DHCPOFFER,DHCPACK,DHCPNAK)aredroppedifreceivedonanuntrusted

port.

Example

Thisexampleconfiguresportge.1.1asatrustedport.

(rw)->set dhcpsnooping trust port ge.1.1 enable

set dhcpsnooping binding

UsethiscommandtoaddastaticDHCPbindingtotheDHCP snoopingdatabase.

Syntax

set dhcpsnooping binding mac-address vlan vlan-id ipaddr port port-string

Parameters

Defaults

None.

Mode

Switchcommand,read‐write.

enable|disable Enablesordisablesthespecifiedportsastrustedports.

mac‐address SpecifiestheMACaddressofthebindingentry.

vlanvlan‐id SpecifiestheVLANofthebindingentry.

ipaddr SpecifiestheIPaddressofthebindingentry.

portport‐string Specifiestheportofthebindingentry.