Table of Contents
Advertisement
show dhcpsnooping
Usage
To protect the switch from DHCP attacks when DHCP snooping is enabled, the snooping
application enforces a rate limit for DHCP packets received on untrusted interfaces. DHCP
snooping monitors the receive rate on each interface separately. If the receive rate exceeds the
configured limit, DHCP snooping brings down the interface. You can re‐enable the interface with
the set port enable command. Both the rate and the burst interval can be configured.
You can display the currently configured rate limit parameters with the show dhcpsnooping port
command.
Example
This example configures rate limit parameters on port ge.1.1.
C3(rw)->set dhcpsnooping limit ge.1.1 rate 20 burst interval 2
C3(rw)->show dhcpsnooping port ge.1.1
Interface
----------
ge.1.1
show dhcpsnooping
Use this command to display DHCP snooping configuration parameters.
Syntax
show dhcpsnooping
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Usage
This command displays the status (enabled or disabled) of DHCP snooping globally, lists the
VLANs on which DHCP snooping is enabled, displays whether source MAC address verification
is enabled or disabled, and for ports that are enabled for snooping, displays whether they are
trusted or untrusted and whether logging of invalid packets has been enabled.
Example
This example shows the output of the show dhcpsnooping command.
C3(su)->show dhcpsnooping
DHCP snooping is Enabled
DHCP snooping source MAC verification is enabled
DHCP snooping is enabled on the following VLANs:
17-10 DHCP Snooping and Dynamic ARP Inspection
Trust State
Rate Limit
-------------
-------------
No
Burst Interval
(pps)
(seconds)
---------------
20
2
- Quick Links:
- Set Ip Address
Hide quick links:
Advertisement
Table of Contents
