ip dhcp packet strict-validation
To enable the strict validation of DHCP packets by the DHCP snooping feature, use the ip dhcp packet
strict-validation command. To disable the strict validation of DHCP packets, use the no form of this command.
ip dhcp packet strict-validation
no ip dhcp packet strict-validation
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Global configuration
Command History
ModificationRelease
This command was introduced.5.0(2)
Usage Guidelines
This command does not require a license.
You must enable DHCP snooping before you can use the ip dhcp packet strict-validation command.
Strict validation of DHCP packets checks that the DHCP options field in DCHP packets is valid, including
the “magic cookie” value in the first four bytes of the options field. When strict validation of DHCP packets
is enabled, the device drops DHCP packets that fail validation.
Examples
This example shows how to enable the strict validation of DHCP packets:
switch# configure terminal
switch(config)# ip dhcp packet strict-validation
switch(config)#
Related Commands
DescriptionCommand
Enables the DHCP snooping feature on the device.feature dhcp
Enables the insertion and removal of option-82
information from DHCP packets forwarded by the
DHCP relay agent.
ip dhcp relay information option
Globally enables DHCP snooping on the device.ip dhcp snooping
Cisco Nexus 7000 Series Security Command Reference
389
I Commands
ip dhcp packet strict-validation
To Next Page
Loading...
