Manualshelf

Administrator Guide

ManualsBrandsDell ManualsComputer equipmentForce10 Z9000
261262263264265266267268269270
Example of the show ip dhcp snooping Command
View the DHCP snooping statistics with the show ip dhcp snooping command.
Dell#show ip dhcp snooping
IP DHCP Snooping : Enabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option : Disabled.
IP DHCP Relay Trust Downstream : Disabled.
Database write-delay (In minutes) : 0
DHCP packets information
Relay Information-option packets : 0
Relay Trust downstream packets : 0
Snooping packets : 0
Packets received on snooping disabled L3 Ports : 0
Snooping packets processed on L2 vlans : 142
DHCP Binding File Details
Invalid File : 0
Invalid Binding Entry : 0
Binding Entry lease expired : 0
List of Trust Ports :Te 0/49
List of DHCP Snooping Enabled Vlans :Vl 10
List of DAI Trust ports :Te 0/49
Drop DHCP Packets on Snooped VLANs Only
Binding table entries are deleted when a lease expires or the relay agent encounters a DHCPRELEASE.
Line cards maintain a list of snooped VLANs. When the binding table fills, DHCP packets are dropped only
on snooped VLANs, while such packets are forwarded across non-snooped VLANs. Because DHCP
packets are dropped, no new IP address assignments are made. However, DHCP release and decline
packets are allowed so that the DHCP snooping table can decrease in size. After the table usage falls
below the maximum limit of 4000 entries, new IP address assignments are allowed.
To view the number of entries in the table, use the show ip dhcp snooping binding command. This
output displays the snooping binding table created using the ACK packets from the trusted port.
Dell#show ip dhcp snooping binding
Codes : S - Static D - Dynamic
IP Address MAC Address Expires(Sec) Type VLAN Interface
================================================================
10.1.1.251 00:00:4d:57:f2:50 172800 D Vl 10 Te 0/2
10.1.1.252 00:00:4d:57:e6:f6 172800 D Vl 10 Te 0/1
10.1.1.253 00:00:4d:57:f8:e8 172740 D Vl 10 Te 0/3
10.1.1.254 00:00:4d:69:e8:f2 172740 D Vl 10 Te 0/50
Total number of Entries in the table : 4
Dynamic ARP Inspection
Dynamic address resolution protocol (ARP) inspection prevents ARP spoofing by forwarding only ARP
frames that have been validated against the DHCP binding table.
ARP is a stateless protocol that provides no authentication mechanism. Network devices accept ARP
requests and replies from any device. ARP replies are accepted even when no request was sent. If a client
Dynamic Host Configuration Protocol (DHCP)
263