Owner's Manual
450 | Chapter 17. Security
NETGEAR 8800 User Manual
1:3 drop-packet
1:4 drop-packet, block-mac permanently
1:7 none
1:9 drop-packet, snmp-trap
To display the DHCP bindings database, use the following command:
show ip-security dhcp-snooping entries {vlan} <vlan_name>
The following is sample output from this command:
--------------------------------------------
Vlan: dhcpVlan
--------------------------------------------
Server Client
IP Addr MAC Addr Port Port
------- -------- ------ ------
172.16.100.9 00:90:27:c6:b7:65 1:1 1:2
Clearing DHCP Snooping Entries
Existing DHCP snooping entries can be cleared by using the following command. (Note that
this will also clear out any associated Source IP Lockdown and DHCP Secured ARP entries.)
clear ip-security dhcp-snooping entries {vlan} <vlan_name>
Configuring the DHCP Relay Agent Option (Option 82) at Layer 2
This section describes how to configure the DHCP Relay agent option for Layer 2 forwarded
DHCP packets. The DHCP relay agent option feature inserts a piece of information, called
option 82, into any DHCP request packet that is to be relayed by the switch. Similarly, if a
DHCP reply received by the switch contains a valid relay agent option, the option will be
stripped from the packet before it is relayed to the client. This is a Layer
2 option that
functions only when the switch is not configured as a Layer
3 BOOTP relay.
The Agent remote ID sub-option always contains the Ethernet MAC address of the relaying
switch. You can display the Ethernet MAC address of the switch by issuing the
show switch
command.
The contents of the inserted option 82 sub-options is as follows:
To enable the DHCP relay agent option at Layer 2, use the following command:
Table 48. Contents of the Inserted Option 82 Sub-options
Code
(1 byte)
Length
(1 byte)
Sub- Option
(1 byte)
Length
(1 byte)
Value
(1-32 bytes)
Sub-Option
(1 byte)
Length
(1 byte)
Switch MAC
address
(6 bytes)
82 1
(Circuit ID)
1-32 vlan_info-p
ort_info
2
(Remote ID)
6