Client Security Commands
4-117
4
• If the DHCP snooping is globally disabled, all dynamic bindings are removed
from the binding table.
• Additional considerations when the switch itself is a DHCP client – The port(s)
through which the switch submits a client request to the DHCP server must be
configured as trusted (ip dhcp snooping trust, page 4-118). Note that the
switch will not add a dynamic entry for itself to the binding table when it
receives an ACK message from a DHCP server. Also, when the switch sends
out DHCP client packets for itself, no filtering takes place. However, when the
switch receives any messages from a DHCP server, any packets received
from untrusted ports are dropped.
Example
This example enables DHCP snooping globally for the switch.
Related Command
ip dhcp snooping vlan (4-117)
ip dhcp snooping trust (4-118)
ip dhcp snooping vlan
This command enables DHCP snooping on the specified VLAN. Use the no form to
restore the default setting.
Syntax
[no] ip dhcp snooping vlan vlan-id
vlan-id - ID of a configured VLAN (Range: 1-4094)
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• When DHCP snooping enabled globally using the ip dhcp snooping
command (page 4-115), and enabled on a VLAN with this command, DHCP
packet filtering will be performed on any untrusted ports within the VLAN as
specified by the ip dhcp snooping trust command (page 4-118).
• When the DHCP snooping is globally disabled, DHCP snooping can still be
configured for specific VLANs, but the changes will not take effect until DHCP
snooping is globally re-enabled.
Console(config)#ip dhcp snooping
Console(config)#
To Next Page
Loading...
