Chapter 9
| General Security Measures
DHCPv4 Snooping
– 290 –
Command Mode
Global Configuration
Command Usage
When the switch receives DHCP packets from clients that already include DHCP
Option 82 information, the switch can be configured to set the action policy for
these packets. The switch can either drop the DHCP packets, keep the existing
information, or replace it with the switch’s relay information.
Example
Console(config)#ip dhcp snooping information policy drop
Console(config)#
ip dhcp snooping
verify mac-address
This command verifies the client’s hardware address stored in the DHCP packet
against the source MAC address in the Ethernet header. Use the
no
form to disable
this function.
Syntax
[
no
]
ip dhcp snooping verify mac-address
Default Setting
Enabled
Command Mode
Global Configuration
Command Usage
If MAC address verification is enabled, and the source MAC address in the Ethernet
header of the packet is not same as the client’s hardware address in the DHCP
packet, the packet is dropped.
Example
This example enables MAC address verification.
Console(config)#ip dhcp snooping verify mac-address
Console(config)#
Related Commands
ip dhcp snooping (283)
ip dhcp snooping vlan (291)
ip dhcp snooping trust (295)
To Next Page
Loading...
Need help?
General