show dhcpsnooping
17-10 DHCP Snooping and Dynamic ARP Inspection
Usage
Toprotectthe switchfromDHCPattackswhenDHCPsnoopingisenabled,thesnooping
applicationenforcesarateli mitforDHCPpacketsreceivedonuntrustedinterfaces.DHCP
snoopingmonitorsthereceiverateoneachinterfaceseparately.Ifthereceiverateexceedsthe
configuredlimit,DHCPsnoopingbringsdowntheinterface.You
canre‐enabletheinterfac ewith
thesetportenablecommand.Boththerateandtheburstintervalcanbeconfigured.
Youcandisplaythecurrentlyconfiguredratelimitparameterswiththeshowdhcpsnoopingport
command.
Example
Thisexampleconfiguresratelimitparametersonportge.1.1.
C2(rw)->set dhcpsnooping limit ge.1.1 rate 20 burst interval 2
C2(rw)->show dhcpsnooping port ge.1.1
Interface Trust State Rate Limit Burst Interval
(pps) (seconds)
---------- ------------- ------------- ---------------
ge.1.1 No 20 2
show dhcpsnooping
UsethiscommandtodisplayDHCPsnoopingconfigurationparameters.
Syntax
show dhcpsnooping
Parameters
None.
Defaults
None.
Mode
Switchcommand,read‐write.
Usage
Thiscommanddisplaysthestatus(enabledordisabled)ofDHCPsnoopingglobally,liststhe
VLANsonwhichDHCPsnoopingisenabled,displayswhethersourceMACaddressverification
isenabledordisabled,andforportsthatareenabledforsnooping,displayswhethertheyare
trustedoruntrustedandwhetherloggingofinvalid
packetshasbeenenabled.
Example
Thisexampleshowstheoutputoftheshowdhcpsnoopingcommand.
C2(su)->show dhcpsnooping
DHCP snooping is Enabled
DHCP snooping source MAC verification is enabled
DHCP snooping is enabled on the following VLANs:
To Next Page
Loading...
Need help?
General