Specifications
clear dhcpsnooping binding
18-14 DHCP Snooping and Dynamic ARP Inspection
Mode
Switchcommand,read‐write.
Usage
TheDHCPsnoopingapplicationprocessesincomingDHCPmessagesonenableduntrusted
interfaces.ForDHCPRELEASEandDHCPDECLINEmessages,theapplicationcomparesthe
receiveinterfaceandVLANwiththeclientʹsinterfaceandVLANinthebindingsdatabase.Ifthe
interfacesdonotmatch,theapplicationlogstheevent(iflogging
ofinvalidmessagesisenabled)
anddropsthemessage.IfsourceMACverificationisenabled,forvalidclientmessages,DHCP
snoopingcomparesthesourceMACaddresstotheDHCPclienthardwareaddress.Wherethereis
amismatch,DHCPsnoopinglogsanddropsthepacket.
Thiscommanddisplays,foreachenableduntrusted
interface,thenumberofsourceMAC
verificationfailuresandclientinterfacemismatchesthatoccurredsincethelasttimethese
statisticswerecleared.
SinceDHCPserversshouldnotbeconnectedthroughanuntrustedport,the DHCPsnooping
applicationwilldropincomingDHCPservermessagesonuntrustedinterfacesandincrementa
counterthat
isdisplayedwiththiscommand.
Example
Thisexampleshowstheoutputoftheshowdhcpsnoopingstatisticscommand.
B2(su)->show dhcpsnooping statistics
Interface MAC Verify Client Ifc DHCP Server
Failures Mismatch Msgs Rec'd
----------- ---------- ---------- -----------
ge.1.48 0 0 0
lag.0.1 0 0 0
clear dhcpsnooping binding
UsethiscommandtoremovebindingsfromtheDHCPsnoopingbindingsdatabase.
Syntax
clear dhcpsnooping binding [port port-string | mac mac-addr]
Parameters
Defaults
Ifnoparametersareentered,allbindings(staticanddynamic)areremoved.
Mode
Switchcommand,read‐write.
Example
Thisexampleclearsthestaticbindingentrythatincludesportge.1.2.
portport‐string (Op tional)Specifiestheentryorentriestoremovebyportidentifier.
macmac‐addr (Optional)SpecifiestheentrytoremovebyMACaddress.