Users Guide

1076 Snooping and Inspecting Traffic
To configure the switch:
1 Enable DHCP snooping on VLAN 100.
console#config
console(config)#ip dhcp snooping vlan 100
2 Configure LAG 1, which includes ports 21-24, as a trusted port. All other
interfaces are untrusted by default.
console(config)#interface port-channel 1
console(config-if-Po1)#ip dhcp snooping trust
console(config-if-Po1)#exit
3 Enter interface configuration mode for all untrusted interfaces (ports 1-20)
and limit the number of DHCP packets that an interface can receive to 100
packets per second. LAG 1 is a trusted port and keeps the default value for
rate limiting (unlimited).
console(config)#interface range gi1/0/1-20
console(config-if)#ip dhcp snooping limit rate 100
console(config-if)#exit
4 Specify that the DHCP snooping database is to be stored remotely in a file
called dsDb.txt on a TFTP server with an IP address of 10.131.11.1.
console(config)#ip dhcp snooping database tftp://10.131.11.1/dsDb.txt
5 Enable DHCP snooping for the switch.
console(config)#ip dhcp snooping
6 View DHCP snooping information.
console#show ip dhcp snooping
DHCP snooping is Enabled
DHCP snooping source MAC verification is disabled
DHCP snooping is enabled on the following VLANs:
100
Interface   Trusted    Log Invalid Pkts
----------- ---------- ----------------
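
Added example, not part of the original guide or the vendor's tooling: a Python audit that replays the commands from steps 1-5 and reports client-facing ports that are trusted or lack a rate limit, and notes when the bindings database is stored over TFTP. The sample input is constructed from the commands above; access_ports is a hypothetical parameter naming the client-facing ports.

```python
import re

# Constructed input: the commands from steps 1-5, with the console prompts stripped.
SAMPLE = """\
ip dhcp snooping vlan 100
interface port-channel 1
ip dhcp snooping trust
exit
interface range gi1/0/1-20
ip dhcp snooping limit rate 100
exit
ip dhcp snooping database tftp://10.131.11.1/dsDb.txt
ip dhcp snooping
"""

def expand(name):
    """Turn 'range gi1/0/1-20' into individual port names; other names pass through."""
    m = re.fullmatch(r"range (\S+/)(\d+)-(\d+)", name)
    return [f"{m[1]}{n}" for n in range(int(m[2]), int(m[3]) + 1)] if m else [name]

def audit(config, access_ports):
    """Return findings for the client-facing access_ports (hypothetical parameter)."""
    enabled, vlans, trusted, limited, db, current = False, set(), set(), set(), None, []
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = expand(line[len("interface "):])
        elif line == "exit":
            current = []          # back to global configuration mode
        elif line == "ip dhcp snooping":
            enabled = True        # step 5: global enable
        elif m := re.fullmatch(r"ip dhcp snooping vlan (\d+)", line):
            vlans.add(int(m[1]))
        elif line == "ip dhcp snooping trust":
            trusted.update(current)
        elif re.fullmatch(r"ip dhcp snooping limit rate \d+", line):
            limited.update(current)
        elif m := re.fullmatch(r"ip dhcp snooping database (\S+)", line):
            db = m[1]
    findings = [] if enabled else ["snooping not enabled globally (step 5)"]
    if not vlans:
        findings.append("no VLAN has snooping enabled (step 1)")
    for port in access_ports:
        if port in trusted:
            findings.append(f"{port}: client-facing port is trusted")
        elif port not in limited:
            findings.append(f"{port}: untrusted port has no rate limit (step 3)")
    if db and db.startswith("tftp://"):
        findings.append("bindings database stored over TFTP (no authentication or encryption)")
    return findings
```

Calling audit(SAMPLE, expand("range gi1/0/1-20")) returns only the TFTP note, because every port in the range is untrusted and rate limited.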