Owner's Manual
Chapter 17. Security | 449
NETGEAR 8800 User Manual
Configuring Trusted DHCP Server
To configure a trusted DHCP server on the switch, use the following command:
configure trusted-servers {vlan} <vlan_name> add server <ip_address> trust-for dhcp-server
You can configure a maximum of eight trusted DHCP servers on the switch.
If you configure one or more trusted ports, the switch assumes that all DHCP server packets
on the trusted port are valid. For more information about configuring trusted ports, see the
next section.
To delete a trusted DHCP server, use the following command:
configure trusted-servers vlan <vlan_name> delete server <ip_address> trust-for dhcp-server
Configuring Trusted DHCP Ports
To enable DHCP snooping, use the following command:
enable ip-security dhcp-snooping {vlan} <vlan_name> ports [all | <ports>] violation-action [drop-packet {[block-mac | block-port] [duration <duration_in_seconds> | permanently] | none]}] {snmp-trap}
For more information about DHCP snooping, see Configuring DHCP Snooping on page 448.
Trusted ports do not block traffic; rather, the switch forwards any DHCP server packets that
appear on trusted ports. Depending on your DHCP snooping configuration, the switch drops
packets and can disable the port temporarily, disable the port permanently, block the MAC
address temporarily, block the MAC address permanently, and so on.
To enable trusted ports on the switch, use the following command:
configure trusted-ports [<ports>|all] trust-for dhcp-server
To disable trusted ports on the switch, use the following command:
unconfigure trusted-ports [<ports>|all] trust-for dhcp-server
Displaying DHCP Snooping and Trusted Server Information
To display the DHCP snooping configuration settings, use the following command:
show ip-security dhcp-snooping {vlan} <vlan_name>
The following is sample output from this command:
DHCP Snooping enabled on ports: 1:2, 1:3, 1:4, 1:7, 1:9
Trusted Ports: 1:7
Trusted DHCP Servers: None
--------------------------------------------
Port Violation-action
--------------------------------------------
1:2 none
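
The following script is an added example, not part of the NETGEAR manual. It parses saved output of show ip-security dhcp-snooping and reports snooping ports that are not trusted and have no drop action, and a configuration with no trusted port or server. The table rows beyond 1:2, the row text "drop-packet", and the slot:port pattern are assumptions made for the constructed sample.

```python
import re

# Constructed sample: header lines from the page; rows after 1:2 are assumed.
SAMPLE = """\
DHCP Snooping enabled on ports: 1:2, 1:3, 1:4, 1:7, 1:9
Trusted Ports: 1:7
Trusted DHCP Servers: None
--------------------------------------------
Port Violation-action
--------------------------------------------
1:2 none
1:3 drop-packet
1:7 none
1:9 drop-packet
"""
HEADERS = {"DHCP Snooping enabled on ports": "enabled",
           "Trusted Ports": "trusted_ports",
           "Trusted DHCP Servers": "trusted_servers"}
ROW = re.compile(r"^(\d+:\d+)\s+(\S.*)$")  # assumed slot:port followed by action

def _items(value):
    """Split a comma-separated field; the literal 'None' means an empty list."""
    value = value.strip()
    return [] if value.lower() in ("", "none") else [v.strip() for v in value.split(",")]

def parse_snooping(text):
    """Parse the command output into port lists and a port -> action map."""
    cfg = {"enabled": [], "trusted_ports": [], "trusted_servers": [], "actions": {}}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() in HEADERS:
            cfg[HEADERS[key.strip()]] = _items(value)
            continue
        row = ROW.match(line.strip())
        if row:
            cfg["actions"][row.group(1)] = row.group(2).strip()
    return cfg

def audit(cfg):
    """Return (scope, message) findings for weak DHCP snooping settings."""
    findings = []
    if not cfg["trusted_ports"] and not cfg["trusted_servers"]:
        findings.append(("global", "no trusted port or trusted DHCP server configured"))
    for port in cfg["enabled"]:
        if port in cfg["trusted_ports"]:
            continue  # server packets on trusted ports are accepted by design
        action = cfg["actions"].get(port)
        if action is None:
            findings.append((port, "no violation-action row found"))
        elif action.lower() == "none":
            findings.append((port, "violation-action none: no drop or block action"))
    return findings
```

Calling audit(parse_snooping(SAMPLE)) returns one finding for port 1:2 (action none) and one for port 1:4 (no row in the table).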










