- 342 -
Default Setting
None
Command Mode
Privileged Exec
Display Message
Cable Status: One of the following statuses is returned:
Normal: The cable is worki ng correctly.
Open: The cable is disconnected or there is a faulty connector.
Short: There is an electrical short in the cable.
Cable Test Failed: The cable status could not be determined. The cable may in fact be working.
Cable Length: If this feature is supported by the PHY for the current link speed, the cable length is
displayed as a range between the shortest estimated length and the longest estimated length. Note
that if the link is down and a cable is attached to a 10/100 Ethernet adapter, then the cable status may
display as Open or Short because som e Ethernet adapters leave unused wi re pairs unterminated or
grounded. Unknown is disp layed if the cable length could not be determined.
7.18 DHCP Snooping Commands
DHCP snooping is a security feature that monitors DHCP messages between a DHCP clie nt and DHCP
servers to filter harmful DHCP messag es and to build a bindings database of {MAC add ress, IP address,
VLAN ID, port} tuples that are considered authorized. You can enable DHCP snooping globally and on
specific VLANs, and configure p orts within the VLAN to be trusted or untrusted . DHCP server s must be
reached through trusted ports.
The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN
number, and interface information that corresponds to the local untrusted interfaces of a switch; it does
not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is
an interface that is configured to receive messages from outside the network or firewall. A trusted
interface is an interface that is configured to receive only messages from within the netwo rk.
DHCP snooping acts li ke a firewall between untrusted host s and DHCP servers. It also gives you a way to
differentiate between untru sted interfaces connecte d to the end-user and trusted i nterfaces connected to
the DHCP server or another switch.
DHCP snooping enforces the following security rules:
• DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK,
DHCPRELEASEQUERY) are dropped if received on an untrusted port.
• DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the
snooping database, but the binding's int erface is other than the interface where the message was
received.
• On untrusted interfaces, the switch drop s DHCP pa ckets whose source MAC address does not
match the client hardware address. This feature is a configurable option.