User's Manual Part 2



35JadeOSUserManual

Step4SpecifytheinterfaceofDHCPServer

(JadeOS)(config-dhcp-relay)# server-interface <interface-name>

Step5EnableRelay 

(JadeOS)(config-dhcp-relay)# enable

6.6.4 DHCP Snooping

DHCP Snooping acts as the firewall between untrust host and DHCP server, which

avoid interfere and attack to the legal user. Through DHCP snooping, you can view

thefilteredillegalDHCPmessage.

BecauseDHCPmessagecarriesMACaddressandIPaddressofuserterminal,youcan

obtainandrecordDHCPmessagethroughcontinuouslytrack,whichcanbeused to

indentifyotherillegalDHCPmessage.

ThroughbuildingandmaintainingDHCPsnoopingtable(IP‐MACbinding),systemcan

detectwhetherthefollowedcommunicationislegal,andthenrejecttheunmatched

databetweenIPandMAC.

Toenable DHCPsnooping,usethefollowingcommand:

ip dhcp snooping enable

TodisplayDHCPsnoopingbindingtable,usethefollowingcommand:

(JadeOS) #show ip dhcp snooping binding counter

Datapath Bind Table Statistics

-------------------------------

Current Entries 1001

High Water Mark 1001

Maximum Entries 262144

Total Entries 4001

Allocation Failures 0

(JadeOS) #show ip dhcp snooping binding

DHCP Snooping State is disable

DHCP Snooping verify MAC State is disable

Datapath Binding Table Entries

-------------------------------------------------------------------

Type: D - Dynamic, S - Statically-configured

MacAddress IpAddress Lease(sec) Type Interface

------------- --------------- --------- ------ ------------

00:50:ba:50:77:06 13.0.7.20 300 D Gi 6/10

00:50:ba:50:76:DA 13.0.6.242 300 D Gi 6/10