Edge-Core ECS3510-10PD Management Manual page 911

C
Global Configuration
C
If MAC address verification is enabled, and the source MAC address in the
Ethernet header of the packet is not same as the client's hardware address
in the DHCP packet, the packet is dropped.
E
This example enables MAC address verification.
R
ip dhcp snooping (906)
ip dhcp snooping vlan (911)
ip dhcp snooping trust (913)
This command enables DHCP snooping on the specified VLAN. Use the no
ip dhcp snooping
form to restore the default setting.
vlan
S
D
Disabled
C
Global Configuration
C
◆
◆
◆
M
OMMAND ODE
U
OMMAND SAGE
XAMPLE
Console(config)#ip dhcp snooping verify mac-address
Console(config)#
C
ELATED OMMANDS
YNTAX
[no] ip dhcp snooping vlan vlan-id
vlan-id - ID of a configured VLAN (Range: 1-4094)
S
EFAULT ETTING
M
OMMAND ODE
U
OMMAND SAGE
When DHCP snooping enabled globally using the
command, and enabled on a VLAN with this command, DHCP packet
filtering will be performed on any untrusted ports within the VLAN as
specified by the ip dhcp snooping trust
When the DHCP snooping is globally disabled, DHCP snooping can still
be configured for specific VLANs, but the changes will not take effect
until DHCP snooping is globally re-enabled.
When DHCP snooping is globally enabled, and then disabled on a VLAN,
all dynamic bindings learned for this VLAN are removed from the
binding table.
– 911 –
| General Security Measures
C 24
HAPTER
DHCPv4 Snooping
ip dhcp snooping
command.