Enterasys b5

To Next Page

To Previous Page

set dhcpsnooping trust

17-6 DHCP Snooping and Dynamic ARP Inspection

Mode

Switchcommand,read‐write.

Usage

Whenaswitchlearnsofnewbindingsorwhenitlosesbindings,theswitchupdatestheentriesin

thebindingsdatabaseaccordingtothewritedelaytimer.Theswitchalsoupdatestheentriesin

thebindingfile.The frequencyatwhichthefileisupdatedisbasedonthedelayconfigured

with

thiscommand,andtheupdatesarebatched.

Example

Thefollowingexamplespecifies thatthestoreddatabaseshouldbeupdatedonceanhour.

B5(rw)->set dhcpsnooping database write-delay 3600

set dhcpsnooping trust

UsethiscommandtoenableordisableaportasaDHCPsnoopingtrustedport.

Syntax

set dhcpsnooping trust port port-string {enable | disable}

Parameters

Defaults

Bydefault,portsareuntrusted.

Mode

Switchcommand,read‐write.

Usage

InorderforDHCPsnoopingtooperate,snoopinghastobeenabledgloballyandonspecific

VLANs,andtheportswithintheVLANshavetobeconfiguredastrustedoruntrusted.On

trustedports,DHCPclientmessagesareforwardeddirectlybythehardware.Onuntrustedports,

clientmessagesaregivento

theDHCPsnoopingapplication.

TheDHCPsnoopingapplicationbuildsthebindingsdatabasefromclient messagesreceivedon

untrustedports.DHCPsnoopingcreatesa“tentativebinding” fromDHCPDISCOVERand

REQUESTmessages.Tentativebindingstieaclienttotheportonwhichthemessagepacketwas

received.Tentativebindingsarecompletedwhen

DHCPsnoopinglearnstheclient’sIPaddress

fromaDHCPACKmessageonatrustedport.

TheportsontheswitchthroughwhichDHCPserversarereachedmustbeconfiguredastrusted

portssothatpacketsreceivedfromthoseportswillbeforwardedtoclients.DCHPpacketsfroma

DHCP

server(DHCPOFFER,DHCPACK,DHCPNAK)aredroppedifreceivedonanuntrusted

port.

portport‐string Specifiestheportorportstobe enabledordisabledastrustedports.The

portscanbephysicalportsorLAGsthat aremembersofaVLAN.

enable|disable Enablesordisablesthe

specifiedportsastrustedports.