C613-50631-01 Rev A Command Reference for IE340 Series 2580
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
DHCP SNOOPING COMMANDS
SERVICE DHCP-SNOOPING
Disabling DHCP snooping removes all DHCP snooping configuration from the
running configuration, except for:
• any DHCP snooping maximum bindings settings (ip dhcp snooping
max-bindings), and
• any additional DHCP snooping-based ACLs you have created for filtering on
untrusted ports.
You must remove any such additional DHCP snooping-based ACLs, using the no
access-group command. This is because these ACLs block all traffic except for
traffic that matches DHCP snooping entries. Once you have disabled DHCP
snooping, these ACLs will block all traffic. Note that if you disable DHCP snooping
on particular VLANs (using the no ip dhcp snooping command), you need to
make sure you remove any such additional ACLs that apply to those VLANs.
If you re-enable the service, the switch repopulates the DHCP snooping database
from the dynamic lease entries in the database backup file (see the ip dhcp
snooping database command). It also updates the lease expiry times.
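The following audit is an added example, not part of the Allied Telesis command reference: it scans a saved running configuration for ACLs that match on DHCP snooping entries and are still attached to ports while the DHCP snooping service is absent, which is the condition described above in which those ACLs block all traffic. The configuration excerpt, the ACL names, the `access-list hardware` block layout with a `dhcpsnooping` source keyword, and the placement of `access-group` under an interface are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not from a real switch). The hardware ACL
# layout and the "dhcpsnooping" source keyword are assumptions.
SAMPLE_CONFIG = """\
access-list hardware dhcpsn-only
 permit ip dhcpsnooping any
 deny ip any any
access-list hardware mgmt-only
 permit ip 192.0.2.0/24 any
!
interface port1.0.1
 access-group dhcpsn-only
interface port1.0.2
 access-group mgmt-only
interface port1.0.3
 access-group dhcpsn-only
!
"""

def stranded_acls(config):
    """Return sorted (interface, acl) pairs left behind when the service is absent."""
    snooping_on = False
    snoop_acls, applied = set(), []
    acl = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends the current block
            acl = iface = None
            if line == "service dhcp-snooping":
                snooping_on = True
            elif m := re.fullmatch(r"access-list hardware (\S+)", line):
                acl = m.group(1)
            elif m := re.fullmatch(r"interface (\S+)", line):
                iface = m.group(1)
        elif acl and re.search(r"\bdhcpsnooping\b", line):
            snoop_acls.add(acl)          # this ACL depends on snooping bindings
        elif iface and (m := re.fullmatch(r"access-group (\S+)", line)):
            applied.append((iface, m.group(1)))
    if snooping_on:
        return []                        # service enabled: the ACLs still have bindings to match
    return sorted(p for p in applied if p[1] in snoop_acls)

def removal_commands(pairs):
    """Render the interface-mode commands that detach each stranded ACL."""
    return [f"interface {i}\n no access-group {a}" for i, a in pairs]

if __name__ == "__main__":
    print("\n".join(removal_commands(stranded_acls(SAMPLE_CONFIG))))
```

The check covers only the switch-wide service; ACLs stranded by disabling DHCP snooping on individual VLANs would also need the port-to-VLAN mapping.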
Per-VLAN DHCP snooping
This mode only enables DHCP snooping for the VLANs configured using the
command ip dhcp snooping. It minimizes the amount of DHCP traffic forwarded to
the CPU. However, it creates 2 ACL entries for each VLAN that DHCP snooping is
enabled on, so it is most suitable if you have a small number of VLANs. Use the
show platform classifier statistics utilization brief command to see the number of
ACLs available for your switch.
If you use this mode and you are also using Q-in-Q (VLAN stacking or VLAN
double-tagging), then you need to disable Layer 2 flooding on VLANs that do not
have DHCP snooping configured. Otherwise, the switch may forward two copies of
some DHCP packets on the non-snooping VLANs, with one copy being
single-tagged instead of double-tagged. To turn off L2 flooding, use the ip dhcp
snooping disable-l2-flooding command.
Examples
To enable the DHCP snooping service on only the VLANs that have DHCP snooping
enabled, use the commands:
awplus# configure terminal
awplus(config)# service dhcp-snooping
To disable the DHCP snooping service on the switch, use the commands:
awplus# configure terminal
awplus(config)# no service dhcp-snooping
Related commands
access-group
ip dhcp snooping
ip dhcp snooping database
ip dhcp snooping disable-l2-flooding
ip dhcp snooping max-bindings
show ip dhcp snooping