SYSLOG Server
DHCP Snooping
© Copyright Lenovo 2017
During switch startup, if the switch fails to get the configuration file, a message can
be recorded in the SYSLOG server.
The CN4093 supports requesting of a SYSLOG server IP address from the DHCP
server as described in RFC 2132, option 7. DHCP SYSLOG server request option is
enabled by default.
Manually configured SYSLOG server takes priority over DHCP SYSLOG server.
Up to two SYSLOG server addresses received from the DHCP server can be used.
The SYSLOG server can be learnt over a management port or a data port.
Use the show logging command to view the SYSLOG server address.
DHCP SYSLOG server address option can be enabled/disabled using the following
command:
CN 4093(config)# [no] system dhcp syslog
DHCP snooping provides security by filtering untrusted DHCP packets and by
building and maintaining a DHCP snooping binding table. This feature is
applicable only to IPv4 and only works in non‐stacking mode.
An untrusted interface is a port that is configured to receive packets from outside
the network or firewall. A trusted interface receives packets only from within the
network. By default, all DHCP ports are untrusted.
The DHCP snooping binding table contains the MAC address, IP address, lease
time, binding type, VLAN number, and port number that correspond to the local
untrusted interface on the switch; it does not contain information regarding hosts
interconnected with a trusted interface.
By default, DHCP snooping is disabled on all VLANs. You can enable DHCP
snooping on one or more VLANs. You must enable DHCP snooping globally. To
enable this feature, enter the following commands:
CN 4093(config)# ip dhcp snooping vlan <vlan number(s)>
CN 4093(config)# ip dhcp snooping
Note: When you make a DHCP release from a client, the switch does not forward
the Unicast DHCP release packet to the server, the entry is not removed from the
DHCP snooping binding table, and the counter for Received Request packets does
not increase even though the release packet does arrive at the switch.
If you want the DHCP Renew/Release packet to be forwarded to the server and the
corresponding entry removed from the DHCP snooping binding table, configure
an interface IP address with the sam subnet in the same VLAN.
Chapter 1: Switch Administration
41