3-10
z Enable DHCP snooping and specify trusted ports on the switch before configuring IP filtering.
z You are not recommended to configure IP filtering on the ports of an aggregation group.
z To create a static binding after IP filtering is enabled with the mac-address keyword specified on a
port, the mac-address argument must be specified; otherwise, the packets sent from this IP
address cannot pass the IP filtering.
z A static entry has a higher priority than the dynamic DHCP snooping entry that has the same IP
address as the static one. That is, if the static entry is configured after the dynamic entry is
recorded, the static entry overwrites the dynamic entry; if the static entry is configured before
DHCP snooping is enabled, no DHCP client can obtain the IP address of the static entry.
z The VLAN ID of the IP static binding configured on a port is the default VLAN ID of the port.
Displaying DHCP Snooping Configuration
After the above configurations, you can verify the configurations by executing the display command in
any view.
Follow these steps to display DHCP snooping:
Operation Command Description
Display the user IP-MAC
address mapping entries
recorded by the DHCP
snooping function
display dhcp-snooping [ unit unit-id ]
Display the (enabled/disabled)
state of the DHCP snooping
function and the trusted ports
display dhcp-snooping trust
Display the IP static binding
table
display ip source static binding
[ vlan vlan-id | interface interface-type
interface-number ]
You can execute the
display command in
any view
Remove DHCP snooping
entries
reset dhcp-snooping [ ip-address ] Available in user view
DHCP Snooping Configuration Example
DHCP-Snooping Option 82 Support Configuration Example
Network requirements
As shown in Figure 3-8, Ethernet1/0/5 of the switch is connected to the DHCP server, and Ethernet1/0/1,
Ethernet1/0/2, and Ethernet1/0/3 are respectively connected to Client A, Client B, and Client C.
z Enable DHCP snooping on the switch.
z Specify Ethernet1/0/5 on the switch as a trusted port for DHCP snooping.
z Enable DHCP-snooping Option 82 support on the switch and set the remote ID field in Option 82 to
the system name of the switch. Set the circuit ID sub-option to “abcd” in DHCP packets from VLAN
1 on Ethernet 1/0/3.
To Next Page
Loading...