show dhcpsnooping

Usage

To protect the switch from DHCP attacks when DHCP snooping is enabled, the snooping application enforces a rate limit for DHCP packets received on untrusted interfaces. DHCP snooping monitors the receive rate on each interface separately. If the receive rate exceeds the configured limit, DHCP snooping brings down the interface. You can re‐enable the interface with the set port enable command. Both the rate and the burst interval can be configured.

You can display the currently configured rate limit parameters with the show dhcpsnooping port command.

Example

This example configures rate limit parameters on port ge.1.1.

C3(rw)->set dhcpsnooping limit ge.1.1 rate 20 burst interval 2

C3(rw)->show dhcpsnooping port ge.1.1

Interface   Trust State    Rate Limit     Burst Interval
                           (pps)          (seconds)
----------  -------------  -------------  ---------------
ge.1.1      No             20             2
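
The following sketch is an added illustration, not code from the Enterasys manual or firmware. It models the per-interface check described under Usage, using the rate 20 / burst interval 2 values from the example. It assumes, which this page does not state, that an untrusted interface is brought down once its receive rate exceeds the limit for "burst interval" consecutive seconds; ports ge.1.2 and ge.1.3 and all packet counts are constructed.

```python
# Added illustration: models the per-interface DHCP rate check described above.
# Assumption (not stated on the page): an untrusted interface is brought down
# once its receive rate exceeds the limit for burst_interval consecutive seconds.
from dataclasses import dataclass


@dataclass
class PortLimit:
    rate_pps: int          # "rate" from set dhcpsnooping limit
    burst_interval: int    # "burst interval", in seconds
    trusted: bool = False  # the limit is enforced on untrusted interfaces only


def first_shutdown(limits, samples):
    """Return {port: second at which the port is brought down, or None}.

    samples maps a port name to DHCP packets received in each 1-second slot.
    """
    result = {}
    for port, counts in samples.items():  # every interface is tracked separately
        cfg = limits[port]
        result[port] = None
        if cfg.trusted:
            continue
        over = 0  # consecutive seconds above the configured rate
        for second, pkts in enumerate(counts, start=1):
            over = over + 1 if pkts > cfg.rate_pps else 0
            if over >= cfg.burst_interval:
                result[port] = second
                break
    return result


# Constructed sample data. ge.1.1 uses the values from the example above;
# ge.1.2 and ge.1.3 are hypothetical ports added for comparison.
LIMITS = {
    "ge.1.1": PortLimit(rate_pps=20, burst_interval=2),
    "ge.1.2": PortLimit(rate_pps=20, burst_interval=2),
    "ge.1.3": PortLimit(rate_pps=20, burst_interval=2, trusted=True),
}
SAMPLES = {
    "ge.1.1": [3, 45, 4, 2, 60, 5],            # isolated one-second spikes
    "ge.1.2": [3, 45, 80, 120, 90, 5],         # sustained flood
    "ge.1.3": [200, 200, 200, 200, 200, 200],  # trusted port, not limited
}

if __name__ == "__main__":
    for port, sec in first_shutdown(LIMITS, SAMPLES).items():
        print(port, "stays up" if sec is None else f"brought down at t={sec}s")
```

Under this model a short burst of legitimate traffic does not take the port down, while a sustained flood does, which is the trade-off the rate and burst interval settings control.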

Use this command to display DHCP snooping configuration parameters.

Syntax

show dhcpsnooping

Parameters

None.

Defaults

None.

Mode

Switch command, read‐write.

Usage

This command displays the status (enabled or disabled) of DHCP snooping globally, lists the VLANs on which DHCP snooping is enabled, displays whether source MAC address verification is enabled or disabled, and for ports that are enabled for snooping, displays whether they are trusted or untrusted and whether logging of invalid packets has been enabled.

Example

This example shows the output of the show dhcpsnooping command.

C3(su)->show dhcpsnooping
DHCP snooping is Enabled
DHCP snooping source MAC verification is enabled
DHCP snooping is enabled on the following VLANs:

17-10 DHCP Snooping and Dynamic ARP Inspection

Enterasys Networks 9034313-07 manual