Specifications

set dhcpsnooping verify

18-8 DHCP Snooping and Dynamic ARP Inspection

Usage

WhenenabledgloballyandonVLANs,DHCPsnoopingbuildsitsbindingsdatabasefromDHCP

clientmessagesreceivedonuntrustedports.Suchentriesinthedatabasearedynamicentries

whichwillberemovedinresponsetovalidDECLINE,RELEASE,andNACKmessagesorwhen

theabsoluteleasetimeoftheentryexpires.

Youcanaddstaticentriestothebindingsdatabasewiththiscommand.

Example

Thisexamplecreatesastaticentry,associatingMACaddress00:01:02:33:44:55withIPaddress

192.168.10.10andVLAN10,portge.1.1.

(rw)->set dhcpsnooping binding 00:01:02:33:44:55 vlan 10 192.168.10.10 port

ge.1.1

set dhcpsnooping verify

UsethiscommandtoenableordisableDHCPsnoopingtofilteronsourceMACaddress.

Syntax

set dhcpsnooping verify mac-address {enable | disable}

Parameters

Defaults

SourceMACaddressverificationisenabledbydefault.

Mode

Switchcommand,read‐write.

Usage

Whenthisverificationisenabled,theDHCPsnoopingapplicationcomparesthesourceMAC

addresscontainedinvalidclientmessageswiththeclient’shardwareaddress.Ifthereisa

mismatch,DHCPsnoopinglogstheeventanddropsthepacket.

Usetheshow dhcpsnoopingcommandtodisplaythestatus(enabledordisabled)of

sourceMAC

addressverificationforeachinterfaceinanenabledVLAN.Theshow dhcpsnoopingstatistics

commandshowstheactualnumberofMACverificationerrorsthatoccurredonuntrustedports.

Example

ThisexampledisablessourceMACaddressverificationandlogging.

(rw)->set dhcpsnooping verify mac-address disable

enable EnablesverificationofthesourceMACaddressinclientmessages

againsttheclienthardwareaddress.

disable DisablesverificationofthesourceMACaddressinclientmessages

againsttheclienthardwareaddress.