mac

Commands for DHCP Snooping

359

Example: Enable encrypt or hash function of private message.

Switch(config)# enable trustview key 0 switch

31.7 ip dhcp snooping

Command: ip dhcp snooping enable

no ip dhcp snooping enable

Function: Enable the DHCP Snooping function.

Parameters: None.

Command Mode: Globe mode.

Default Settings: DHCP Snooping is disabled by default.

Usage Guide: When this function is enabled, it will monitor all the DHCP Server packets

of non-trusted ports.

Example: Enable the DHCP Snooping function.

switch(config)#ip dhcp snooping enable

31.8 ip dhcp snooping action

Command: ip dhcp snooping action {shutdown | blackhole} [recovery <second>]

no ip dhcp snooping action

Function: Set or delete the automatic defense action of a port.

Parameters:

shutdown: When the port detects a fake DHCP Server, it will be shutdown.

blackhole: When the port detects a fake DHCP Server, the vid and source

MAC of the fake packet will be used to block the traffic from this MAC.

recovery: Users can set to recover after the automatic defense action

being executed.(no shut ports or delete correponding blackhole）.

second: Users can set how long after the execution of defense action to

recover. The unit is second, and valid range is 10-3600.

Command Mode: Port mode

Default Settings: No default defense action.

Usage Guide: Only when DHCP Snooping is globally enabled, can this command be set.

Trusted port will not detect fake DHCP Server, so, will never trigger the corresponding

defense action. When a port turns into a trusted port from a non-trusted port, the original

defense action of the port will be automatically deleted.

Example: Set the DHCP Snooping defense action of port ethernet1/1 as setting