User Manual UMN:CLI
V5808
347
from outside the network.
The DHCP snooping basically permits all the trusted messages received from within the
network and filters untrusted messages. In case of untrusted messages, all the binding
entries are recorded in a DHCP snooping binding table. This table contains a hardware
address, IP address, lease time, VLAN ID, interface, etc.
It also gives you a way to differentiate between untrusted interfaces connected to the
end-user and trusted interfaces connected to the DHCP server or another switch.
The DHCP snooping only filters the DHCP server message such as a DHCP_OFFER or
DHCP_ACK, which is received from untrusted interfaces.
8.5.7.1 Enabling DHCP Snooping
To enable the DHCP snooping globally, use the following command
Enables the DHCP snooping globally.
Disables the DHCP snooping globally. (default)
Upon enabling the DHCP snooping, the DHCP_OFFER and DHCP_ACK messages from
all the ports will be discarded before specifying a trusted port.
To enable the DHCP snooping on a VLAN, use the following command
ip dhcp snooping vlan VLANS
Enables the DHCP snooping on a specified VLAN.
no ip dhcp snooping vlan
VLANS
Disables the DHCP snooping on a specified VLAN.
You must enable DHCP snooping globally before enabling DHCP snooping on a VLAN.
8.5.7.2 DHCP Trust State
To define a state of a port as trusted or untrusted, use the following command.
ip dhcp snooping trust PORTS
Defines a state of a specified port as trusted.
no ip dhcp snooping trust
PORTS
Defines a state of a specified port as untrusted.
(default)
To Next Page
Loading...