User manual
Default Setting
None
Command Mode
Privileged Exec
Display Message
Cable Status: One of the following statuses is returned:
• Normal: The cable is working correctly.
• Open: The cable is disconnected or there is a faulty connector.
• Short: There is an electrical short in the cable.
• Cable Test Failed: The cable status could not be determined. The cable may in fact be working.
Cable Length: If this feature is supported by the PHY for the current link speed, the cable length is displayed as a range between the shortest estimated length and the longest estimated length. Note that if the link is down and a cable is attached to a 10/100 Ethernet adapter, then the cable status may display as Open or Short because some Ethernet adapters leave unused wire pairs unterminated or grounded. Unknown is displayed if the cable length could not be determined.
7.18 DHCP Snooping Commands
DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers to filter harmful DHCP messages and to build a bindings database of {MAC address, IP address, VLAN ID, port} tuples that are considered authorized. You can enable DHCP snooping globally and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted ports.
The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.
DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.
DHCP snooping enforces the following security rules:
• DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK, DHCPRELEASEQUERY) are dropped if received on an untrusted port.
• DHCPRELEASE and DHCPDECLINE messages are dropped if they are for a MAC address in the snooping database but the binding's interface is not the interface on which the message was received.
• On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match the client hardware address. This feature is a configurable option.
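The three rules above, applied to a short message trace, as an added example that is not taken from the switch firmware or this manual. The class and function names, the order of the checks, and learning a binding when a DHCPACK crosses a trusted port are assumptions; the MAC and IP values are constructed documentation addresses.

```python
from dataclasses import dataclass

SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK", "DHCPRELEASEQUERY"}  # as listed above

@dataclass(frozen=True)
class DhcpMsg:
    msg_type: str      # DHCP message type
    port: str          # ingress interface
    vlan: int
    src_mac: str       # Ethernet source MAC address
    chaddr: str        # client hardware address from the DHCP payload
    yiaddr: str = ""   # offered/assigned address (server messages only)

class SnoopingModel:
    """Hypothetical model. Assumptions: check order; binding learned on a trusted-port ACK."""
    def __init__(self, trusted_ports, verify_mac=True):
        self.trusted = set(trusted_ports)
        self.verify_mac = verify_mac   # the MAC check is a configurable option
        self.pending, self.bindings = {}, {}  # chaddr -> port; chaddr -> (ip, vlan, port)
    def process(self, m):
        if m.port in self.trusted:
            if m.msg_type == "DHCPACK" and m.chaddr in self.pending:
                self.bindings[m.chaddr] = (m.yiaddr, m.vlan, self.pending.pop(m.chaddr))
            return "forward"
        if m.msg_type in SERVER_TYPES:
            return "drop: server message on untrusted port"
        if self.verify_mac and m.src_mac != m.chaddr:
            return "drop: source MAC differs from chaddr"
        if m.msg_type in ("DHCPRELEASE", "DHCPDECLINE"):
            bound = self.bindings.get(m.chaddr)
            if bound and bound[2] != m.port:
                return "drop: binding belongs to another interface"
            self.bindings.pop(m.chaddr, None)
        elif m.msg_type == "DHCPREQUEST":
            self.pending[m.chaddr] = m.port
        return "forward"

def run_constructed_trace(verify_mac=True):
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    sw = SnoopingModel(trusted_ports={"0/24"}, verify_mac=verify_mac)
    trace = [  # constructed sample messages, not captured traffic
        DhcpMsg("DHCPREQUEST", "0/5", 10, a, a),
        DhcpMsg("DHCPACK", "0/24", 10, "00:00:5e:00:53:01", a, "192.0.2.10"),
        DhcpMsg("DHCPOFFER", "0/7", 10, b, a, "192.0.2.99"),
        DhcpMsg("DHCPRELEASE", "0/7", 10, a, a),
        DhcpMsg("DHCPDISCOVER", "0/6", 10, b, a),
        DhcpMsg("DHCPRELEASE", "0/5", 10, a, a),
    ]
    return [sw.process(m) for m in trace], sw.bindings
```

Running the trace with `verify_mac=False` forwards the fifth message, which shows what the optional source MAC check contributes on its own.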