Installation manual
4-164
SIGNAMAX LLC • www.signamax.eu
mac-address command, page 4-166). However, if MAC address verification
is enabled, then the packet will only be forwarded if the client’s hardware
address stored in the DHCP packet is the same as the source MAC address
in the Ethernet header.
* If the DHCP packet is not a recognizable type, it is dropped.
- If a DHCP packet from a client passes the filtering criteria above, it will only be
forwarded to trusted ports in the same VLAN.
- If a DHCP packet from a server is received on a trusted port, it will be forwarded
to both trusted and untrusted ports in the same VLAN.
• If the DHCP snooping is globally disabled, all dynamic bindings are removed from
the binding table.
• Additional considerations when the switch itself is a DHCP client – The port(s)
through which the switch submits a client request to the DHCP server must be
configured as trusted (ip dhcp snooping trust, page 4-165). Note that the switch
will not add a dynamic entry for itself to the binding table when it receives an ACK
message from a DHCP server. Also, when the switch sends out DHCP client
packets for itself, no filtering takes place. However, when the switch receives any
messages from a DHCP server, any packets received from untrusted ports are
dropped.
Example
This example enables DHCP snooping globally for the switch.
Related Commands
ip dhcp snooping vlan (4-164)
ip dhcp snooping trust (4-165)
ip dhcp snooping vlan
This command enables DHCP snooping on the specified VLAN. Use the no form to
restore the default setting.
Syntax
[no] ip dhcp snooping vlan vlan-id
vlan-id - ID of a configured VLAN (Range: 1-4094)
Default Setting
Disabled
Command Mode
Global Configuration
Console(config)#ip dhcp snooping
Console(config)#