Configuration Guide User guide

FastIron Configuration Guide 1931
53-1002494-02
Enabling trust on a port
The default trust setting for a port is untrusted. For ports that are connected to host ports, leave
their trust settings as untrusted.
To enable trust on a port, enter commands such as the following.
Brocade(config)#interface ethernet 1/4
Brocade(config-if-e10000-1/4)#arp inspection trust
The commands change the CLI to the interface configuration level of port 1/4 and set the trust
setting of port 1/4 to trusted.
Syntax: [no] arp inspection trust
Displaying ARP inspection status and ports
To display the ARP inspection status for a VLAN and the trusted or untrusted ports, enter the
following command.
Brocade#show ip arp inspection vlan 2
IP ARP inspection VLAN 2: Disabled
Trusted Ports : ethe 1/4
Untrusted Ports : ethe 2/1 to 2/3 ethe 4/1 to 4/24 ethe 6/1 to 6/4 ethe 8/1 to
8/4
Syntax: show ip arp inspection [vlan <vlan_id>]
The <vlan_id> variable specifies the ID of a configured VLAN.
Displaying the ARP table
To display the ARP table, enter the show arp command.
Brocade#show arp
Total number of ARP entries: 2, maximum capacity: 6000
No   IP Address   MAC Address      Type     Age  Port   Status
1    10.43.1.1    0004.80a0.4000   Dynamic  0    mgmt1  Valid
2    10.43.1.78   00e0.8160.6ab1   Dynamic  2    mgmt1  Valid
The command displays all ARP entries in the system. For field definitions, refer to Table 184 on
page 1071.
Syntax: show arp
DHCP snooping
Dynamic Host Configuration Protocol (DHCP) snooping enables the Brocade device to filter
untrusted DHCP packets in a subnet. DHCP snooping can ward off man-in-the-middle (MiM)
attacks, such as a malicious user posing as a DHCP server and sending false DHCP server reply
packets with the intention of misdirecting other users. DHCP snooping can also stop unauthorized
DHCP servers and prevent errors due to user misconfiguration of DHCP servers.
DHCP snooping is often used together with Dynamic ARP Inspection and IP Source Guard.
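An added example, not taken from the Brocade guide: a Python check that parses show ip arp inspection output in the format shown on this page and flags a VLAN where ARP inspection is not enabled, or a trusted port that is not on an approved list. The function names, the approved_trusted allowlist, and the "Enabled" status string are assumptions.

```python
import re

# Constructed sample in the shape of the `show ip arp inspection vlan 2` output on this page.
SAMPLE = """\
IP ARP inspection VLAN 2: Disabled
Trusted Ports : ethe 1/4
Untrusted Ports : ethe 2/1 to 2/3 ethe 4/1 to 4/24 ethe 6/1 to 6/4 ethe 8/1 to
8/4
"""
FIELD = re.compile(r"\s*(IP ARP inspection VLAN \d+|Trusted Ports|Untrusted Ports)\s*:\s*(.*)")

def expand_ports(spec):
    """Expand 'ethe 2/1 to 2/3 ethe 4/1' into {'2/1', '2/2', '2/3', '4/1'}."""
    ports = set()
    for start, end in re.findall(r"(\d+/\d+)(?:\s+to\s+(\d+/\d+))?", spec):
        slot, first = map(int, start.split("/"))
        end_slot, last = map(int, (end or start).split("/"))
        if end_slot != slot or last < first:
            raise ValueError(f"unsupported port range: {start} to {end}")
        ports.update(f"{slot}/{n}" for n in range(first, last + 1))
    return ports

def parse_inspection(output):
    """Parse one VLAN's status block; a wrapped port list continues on the next line."""
    fields, key = {}, None
    for line in output.splitlines():
        m = FIELD.match(line)
        if m:
            key, fields[m.group(1)] = m.group(1), m.group(2)
        elif key and line.strip():
            fields[key] += " " + line.strip()
    vlan_key = next(k for k in fields if k.startswith("IP ARP inspection"))
    return {
        "vlan": int(vlan_key.split()[-1]),
        # Assumption: "Enabled" is the counterpart of the "Disabled" status shown on the page.
        "enabled": fields[vlan_key].strip().lower() == "enabled",
        "trusted": expand_ports(fields.get("Trusted Ports", "")),
        "untrusted": expand_ports(fields.get("Untrusted Ports", "")),
    }

def audit(state, approved_trusted):
    """Flag inspection being off and any trusted port outside the approved set."""
    findings = []
    if not state["enabled"]:
        findings.append(f"VLAN {state['vlan']}: ARP inspection is not enabled")
    for port in sorted(state["trusted"] - set(approved_trusted)):
        findings.append(f"VLAN {state['vlan']}: port {port} is trusted but not approved")
    return findings

if __name__ == "__main__":
    # approved_trusted is a hypothetical site allowlist of uplink ports.
    for finding in audit(parse_inspection(SAMPLE), approved_trusted={"1/4"}):
        print(finding)
```

Because the default trust setting is untrusted, any port that appears under Trusted Ports was set that way explicitly, which is why the check compares that list against an allowlist.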