Enterasys b5

To Next Page

To Previous Page

set dhcpsnooping log-invalid

17-8 DHCP Snooping and Dynamic ARP Inspection

Parameters

Defaults

SourceMACaddressverificationisenabledbydefault.

Mode

Switchcommand,read‐write.

Usage

Whenthisverificationisenabled,theDHCPsnoopingapplica tion comparesthesourceMAC

addresscontainedinvalidclientmessageswiththeclient’shardwareaddress.Ifthereisa

mismatch,DHCPsnoopinglogstheeventanddropsthepacket.

Usetheshowdhcpsnoopingcommandtodisplaythestatus(enabledordisabled)of

sourceMAC

addressverificationforeachinterfaceinanenabledVLAN.Theshowdhcpsnoopingstatistics

commandshowstheactualnumberofMACverificationerrorsthatoccurredonuntrustedports.

Example

ThisexampledisablessourceMACaddressverificationandlogging.

(rw)->set dhcpsnooping verify mac-address disable

set dhcpsnooping log-invalid

Usethiscommandtoenableordisableloggingofinva lidDHCPmessagesonports.

Syntax

set dhcpsnooping log-invalid port port-string {enable | disable}

Parameters

Defaults

Disabled.

Mode

Switchcommand,read‐write.

Usage

TheDHCPsnoopingapplicationprocessesincomingDHCPmessages.ForDHCPRELEASEand

DHCPDECLINEmessages,theapplicationcomparesthereceiveinterfaceandVLANwiththe

enable EnablesverificationofthesourceMACaddressinclientmessages

againsttheclienthardwareaddress.

disable Disablesverificationofthe sourceMACaddressinclientmessages

againstthe

clienthardwareaddress.

portport‐string Specifiestheportorportsonwhichtoenableordisableloggingof

invalidpackets.

enable|disable Enablesordisablesloggingonthespecifiedports.