Table of Contents
Advertisement
DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the
snooping database, but the binding's interface is other than the interface where the message
was received.
On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not
match the client hardware address. This feature is a configurable option.
The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. DHCP
snooping is enabled on a port if (a) DHCP snooping is enabled globally, and (b) the port is a member of a
VLAN where DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP
packets to the CPU. On trusted ports, the hardware forwards client messages and copies server
messages to the CPU so that DHCP snooping can learn the binding.
7.18.1
Show Commands
7.18.1.1 show ip dhcp snooping
This command displays the DHCP Snooping global configurations and per port configurations.
Syntax
show ip dhcp snooping
Default Setting
None
Command Mode
Privileged Exec
Display Message
Interface: The interface for which data is displayed.
Trusted: If it is enabled, DHCP snooping considers the port as trusted. The factory default is
disabled.
Log Invalid Pkts: If it is enabled, DHCP snooping application logs invalid packets on the specified
interface.
7.18.1.2 show ip dhcp snooping binding
This command displays the DHCP Snooping binding entries. To restrict the output, use the following
options:
Dynamic: Restrict the output based on DCHP snooping.
Interface: Restrict the output based on a specific interface.
Static: Restrict the output based on static entries.
VLAN: Restrict the output based on VLAN.
- 343 -
Advertisement
Table of Contents
