Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual page 3190

Complete Software Guide for Junos
Configuration
CLI Quick
Configuration
Step-by-Step
Procedure
Results
Verification
Purpose
Action
Meaning
Related
Documentation
3086
®
OS for EX Series Ethernet Switches, Release 10.4
To configure the DHCP server interface as untrusted because the interface is being used
by a rogue DHCP server:
To quickly set the rogue DHCP server interface as untrusted, copy the following command
and paste it into the switch terminal window:
[edit ethernet-switching-options secure-access-port]
set interface ge-0/0/8 no-dhcp-trusted
To set the DHCP server interface as untrusted:
Specify the interface (port) from which DHCP responses are not allowed:
[edit ethernet-switching-options secure-access-port]
user@switch# set interface ge-0/0/8 no–dhcp-trusted
Check the results of the configuration:
[edit ethernet-switching-options secure-access-port]
user@switch# show
interface ge-0/0/8.0 {
no-dhcp-trusted;
}
To confirm that the configuration is working properly:
Verifying That the DHCP Server Interface Is Untrusted on page 3086
Verifying That the DHCP Server Interface Is Untrusted
Verify that the DHCP server is untrusted.
Send some DHCP requests from network devices (here they are DHCP clients) connected
to the switch.
Display the DHCP snooping information when the port on which the DHCP server connects
to the switch is not trusted.
user@switch> show dhcp snooping binding
There is no output from the command because no entries are added to the DHCP snooping
database.
Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC
Move Limiting, on an EX Series Switch on page 3073
Enabling a Trusted DHCP Server (CLI Procedure) on page 3136
Enabling a Trusted DHCP Server (J-Web Procedure) on page 3136
Copyright © 2010, Juniper Networks, Inc.