Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual page 3289

examine-dhcp
Syntax
Hierarchy Level
Release Information
Description
Default
Required Privilege
Level
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
(examine-dhcp | no-examine-dhcp);
[edit ethernet-switching-options secure-access-port vlan (all | vlan-name)]
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Enable DHCP snooping on all VLANs or on the specified VLAN.
—Enable DHCP snooping.
examine-dhcp
—Disable DHCP snooping.
no-examine-dhcp
When DHCP snooping is enabled, the switch logs DHCP packets (DHCPOFFER,
DHCPDECLINE, DHCPACK, and DHCPNAK packets) that it receives on untrusted ports.
You can monitor the log for these messages, which can signal the presence of a malicious
DHCP server on the network.
TIP: For Private VLANs (PVLANs), enable DHCP snooping on the primary
VLAN. If you enable DHCP snooping only on a community VLAN, DHCP
messages coming from PVLAN trunk ports are not snooped.
Disabled.
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC
Move Limiting, on an EX Series Switch on page 3073
Example: Configuring DHCP Snooping, DAI , and MAC Limiting on an EX Series Switch
with Access to a DHCP Server Through a Second Switch on page 3097
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing
Attacks on page 3090
Enabling DHCP Snooping (CLI Procedure) on page 3134
Enabling DHCP Snooping (J-Web Procedure) on page 3135
Chapter 104: Configuration Statements for Port Security
3185