SMC Networks SMC8150L2 ip dhcp snooping vlan

DHCP Snooping Commands

4-233

4

receives an ACK message from a DHCP server. Also, when the switch sends

out DHCP client packets for itself, no filtering takes place. However, when the

switch receives any messages from a DHCP server, any packets received

from untrusted ports are dropped.

Example

This example enables DHCP snooping globally for the switch.

Related Commands

ip dhcp snooping vlan (4-233)

ip dhcp snooping trust (4-234)

ip dhcp snooping vlan

This command enables DHCP snooping on the specified VLAN. Use the no form to

restore the default setting.

Syntax

[no] ip dhcp snooping vlan vlan-id

vlan-id - ID of a configured VLAN (Range: 1-4094)

Default Setting

Disabled

Command Mode

Global Configuration

Command Usage

• When DHCP snooping enabled globally using the ip dhcp snooping

command (page 4-231), and enabled on a VLAN with this command, DHCP

packet filtering will be performed on any untrusted ports within the VLAN as

specified by the ip dhcp snooping trust command (page 4-234).

• When the DHCP snooping is globally disabled, DHCP snooping can still be

configured for specific VLANs, but the changes will not take effect until DHCP

snooping is globally re-enabled.

• When DHCP snooping is globally enabled, configuration changes for specific

VLANs have the following effects:

- If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for

this VLAN are removed from the binding table.

Example

This example enables DHCP snooping for VLAN 1.

Console(config)#ip dhcp snooping

Console(config)#

Console(config)#ip dhcp snooping vlan 1

Console(config)#

Contents

Main Page Page Page Contents Page Page Page Page Page Page Page Page Page Page Page Page Page Tables Page Page Page Figures Page Page Page 1-1 Chapter 1: Introduction Key Features Table 1-1 Key Features 1-2 Description of Software Features Description of Software Features 1-3 1-4 Page 1-6 System Defaults System Defaults 1-7 Table 1-2 System Defaults (Continued) Page 2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options 2-2 Required Connections 2-3 Remote Connections Basic Configuration Console Connection 2-4 Setting Passwords Setting an IP Address Manual Configuration 2-5 Dynamic Configuration 2-6 Enabling SNMP Management Access Community Strings (for SNMP version 1 and 2c clients) 2-7 Trap Receivers 2-8 Configuring Access for SNMP Version 3 Clients Saving Configuration Settings Managing System Files 2-9 Managing System Files Page 3-1 Chapter 3: Configuring the Switch Using the Web Interface 3-2 Navigating the Web Browser Interface Home Page 3-3 Configuration Options Panel Display 3-4 Main Menu 3-5 3-6 3-7 3-8 3-9 3-10 Basic Configuration Displaying System Information 3-11 Displaying Switch Hardware/Software Versions 3-12 Web Click System, Switch Information. Figure 3-4 Switch Information CLI Use the following command to display version information. 3-13 Displaying Bridge Extension Capabilities 3-14 Setting the Switchs IP Address Page 3-16 Using DHCP/BOOTP 3-17 Enabling Jumbo Frames Managing Firmware 3-18 Downloading System Software from a Server 3-19 Saving or Restoring Configuration Settings 3-20 Downloading Configuration Settings from a Server 3-21 Console Port Settings 3-22 3-23 Telnet Settings 3-24 3-25 Configuring Event Logging Displaying Log Messages 3-26 System Log Configuration 3-27 Remote Log Configuration 3-28 Simple Mail Transfer Protocol 3-29 3-30 Renumbering the System Resetting the System 3-31 Setting the System Clock Configuring SNTP 3-32 Setting the Time Zone 3-33 Simple Network Management Protocol Setting Community Access Strings 3-34 Specifying Trap Managers and Trap Types 3-35 Enabling SNMP Agent Status 3-36 Configuring SNMPv3 Management Access Setting the Local Engine ID 3-37 Specifying a Remote Engine ID Configuring SNMPv3 Users 3-38 3-39 3-40 Configuring Remote SNMPv3 Users 3-41 Configuring SNMPv3 Groups 3-42 3-43 3-44 3-45 Setting SNMPv3 Views 3-46 User Authentication Configuring User Accounts 3-47 3-48 Configuring Local/Remote Logon Authentication 3-49 Page 3-51 CLI Specify all the required parameters to enable logon authentication. 3-52 Configuring HTTPS 3-53 Replacing the Default Secure-site Certificate 3-54 Configuring the Secure Shell 3-55 3-56 Configuring the SSH Server 3-57 Generating the Host Key Pair 3-58 3-59 Configuring Port Security 3-60 Configuring 802.1X Port Authentication 3-61 Displaying 802.1X Global Settings 3-62 Configuring 802.1X Global Settings 3-63 Configuring Port Settings for 802.1X Page 3-65 3-66 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. 3-67 Access Control Lists Configuring Access Control Lists 3-68 Setting the ACL Name and Type 3-69 Configuring a Standard IP ACL Configuring an Extended IP ACL 3-70 3-71 3-72 Configuring a MAC ACL 3-73 Binding a Port to an Access Control List 3-74 Filtering IP Addresses for Management Access 3-75 3-76 Port Configuration Displaying Connection Status 3-77 3-78 Configuring Interface Connections 3-79 3-80 Creating Trunk Groups 3-81 Statically Configuring a Trunk } active links statically configured 3-82 Enabling LACP on Selected Ports } } Page 3-84 Configuring LACP Parameters 3-85 3-86 You can display statistics for LACP protocol messages. Displaying LACP Port Counters 3-87 CLI The following example displays LACP counters. 3-88 Displaying LACP Settings and Status for the Local Side 3-89 Figure 3-55 LACP - Port Internal Information 3-90 Displaying LACP Settings and Status for the Remote Side 3-91 Setting Broadcast Storm Thresholds 3-92 Figure 3-57 Port Broadcast Control 3-93 Configuring Port Mirroring 3-94 Configuring Rate Limits Rate Limit Configuration 3-95 Showing Port Statistics 3-96 3-97 Page Address Table Settings 3-99 Address Table Settings Setting Static Addresses 3-100 Displaying the Address Table Page 3-102 Changing the Aging Time Spanning Tree Algorithm Configuration 3-103 3-104 3-105 Displaying Global Settings 3-106 3-107 Configuring Global Settings 3-108 3-109 3-110 3-111 Displaying Interface Settings 3-112 3-113 3-114 Configuring Interface Settings 3-115 3-116 Configuring Multiple Spanning Trees Page 3-118 CLI This example sets STA attributes for port 1, , followed by settings for each port. Displaying Interface Settings for MSTP 3-111 Page 3-120 Configuring Interface Settings for MSTP Displaying Interface Settings on page 3-111 for additional information.) 3-121 3-122 VLAN Configuration IEEE 802.1Q VLANs 3-123 Assigning Ports to VLANs 3-124 3-125 Forwarding Tagged/Untagged Frames Enabling or Disabling GVRP (Global Setting) 3-126 Displaying Basic VLAN Information Displaying Current VLANs 3-127 3-128 Creating VLANs 3-129 Adding Static Members to VLANs (VLAN Index) 3-130 3-131 Adding Static Members to VLANs (Port Index) 3-132 Configuring VLAN Behavior for Interfaces 3-133 Configuring IEEE 802.1Q Tunneling 3-134 3-135 3-136 3-137 Enabling QinQ Tunneling on the Switch 3-138 Adding an Interface to a QinQ Tunnel Page 3-140 3-141 Configuring Private VLANs Enabling Private VLANs 3-142 Configuring Uplink and Downlink Ports Protocol VLANs Protocol VLAN Group Configuration Page 3-144 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces 3-145 Mapping CoS Values to Egress Queues 3-146 3-147 Enabling CoS Selecting the Queue Mode 3-148 Setting the Service Weight for Traffic Classes 3-149 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority 3-150 Mapping IP Precedence 3-151 3-152 Mapping DSCP Priority 3-153 Mapping IP Port Priority 3-154 Quality of Service 3-155 Configuring Quality of Service Parameters Configuring a Class Map 3-156 Page 3-158 Creating QoS Policies 3-159 3-160 3-161 Attaching a Policy Map to Ingress Queues 3-162 Multicast Filtering Layer 2 IGMP (Snooping and Query) 3-163 Configuring IGMP Snooping and Query Parameters 3-164 Enabling IGMP Immediate Leave 3-165 Displaying Interfaces Attached to a Multicast Router 3-166 Specifying Static Interfaces for a Multicast Router 3-167 Displaying Port Members of Multicast Services 3-168 Assigning Ports to Multicast Services 3-169 IGMP Filtering and Throttling 3-170 Enabling IGMP Filtering and Throttling 3-171 Configuring IGMP Filtering and Throttling for Interfaces 3-172 Configuring IGMP Filter Profiles 3-173 3-174 Multicast VLAN Registration 3-175 Configuring Global MVR Settings 3-176 Displaying MVR Interface Status Page 3-178 Displaying Port Members of Multicast Groups 3-179 Configuring MVR Interface Status 3-180 Assigning Static Multicast Groups to Interfaces 3-181 Configuring Domain Name Service Configuring General DNS Service Parameters 3-182 3-183 Configuring Static DNS Host to Address Entries 3-184 3-185 Displaying the DNS Cache 3-186 DHCP Snooping DHCP Snooping 3-187 DHCP Snooping Configuration 3-188 DHCP Snooping VLAN Configuration DHCP Snooping Information Option Configuration DHCP Snooping 3-189 DHCP Snooping Port Configuration 3-190 DHCP Snooping Binding Information IP Source Guard 3-191 IP Source Guard IP Source Guard Port Configuration 3-192 Static IP Source Guard Binding Configuration IP Source Guard 3-193 Dynamic IP Source Guard Binding Information 3-194 Switch Clustering Switch Clustering 3-195 Cluster Configuration 3-196 Cluster Member Configuration Switch Clustering 3-197 Cluster Member Information 3-198 Cluster Candidate Information 4-1 Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection 4-2 Telnet Connection 4-3 Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands The command show interfaces ? will display the following information: 4-5 Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes 4-6 Exec Commands 4-7 Configuration Commands 4-8 Command Line Processing Command Groups 4-9 Command Groups 4-10 Line Commands 4-11 line login 4-12 password 4-13 timeout login response exec-timeout 4-14 password-thresh 4-15 silent-time databits 4-16 parity 4-17 speed stopbits 4-18 disconnect show line 4-19 General Commands enable 4-20 disable 4-21 configure show history 4-22 reload end 4-23 exit quit 4-24 System Management Commands Device Designation Commands prompt 4-25 hostname User Access Commands username 4-26 enable password 4-27 IP Filter Commands management 4-28 show management 4-29 Web Server Commands ip http port 4-30 ip http server ip http secure-server 4-31 ip http secure-port 4-32 Telnet Server Commands ip telnet port 4-33 ip telnet server Secure Shell Commands 4-34 4-35 ip ssh server 4-36 ip ssh timeout 4-37 ip ssh authentication-retries ip ssh server-key size 4-38 delete public-key ip ssh crypto host-key generate 4-39 ip ssh crypto zeroize ip ssh save host-key 4-40 show ip ssh show ssh 4-41 show public-key 4-42 4-43 Event Logging Commands logging on 4-44 logging history 4-45 logging host logging facility 4-46 logging trap clear logging 4-47 show logging 4-48 show log 4-49 SMTP Alert Commands logging sendmail host 4-50 logging sendmail level 4-51 logging sendmail source-email logging sendmail destination-email 4-52 logging sendmail show logging sendmail 4-53 Time Commands sntp client 4-54 sntp server 4-55 sntp poll show sntp 4-56 clock timezone calendar set 4-57 show calendar System Status Commands show startup-config 4-58 4-59 show running-config 4-60 Example Related Commands show startup-config (4-57) 4-61 show system show users 4-62 show version 4-63 Frame Size Commands jumbo frame 4-64 Flash/File Commands copy 4-65 4-66 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: 4-67 delete 4-68 dir 4-69 whichboot boot system 4-70 Authentication Commands Authentication Sequence 4-71 authentication login Page 4-73 RADIUS Client 4-74 radius-server host radius-server port 4-75 radius-server key radius-server retransmit 4-76 radius-server timeout show radius-server 4-77 TACACS+ Client tacacs-server host tacacs-server port 4-78 tacacs-server key show tacacs-server 4-79 Port Security Commands port security 4-80 4-81 802.1X Port Authentication dot1x system-auth-control 4-82 dot1x default dot1x max-req dot1x port-control 4-83 dot1x operation-mode 4-84 dot1x re-authenticate dot1x re-authentication dot1x timeout quiet-period 4-85 dot1x timeout re-authperiod dot1x timeout tx-period 4-86 show dot1x 4-87 4-88 4-89 Access Control List Commands 4-90 IP ACLs access-list ip 4-91 permit, deny (Standard ACL) permit, deny (Extended ACL) 4-92 4-93 show ip access-list ip access-group 4-94 show ip access-group 4-95 MAC ACLs access-list mac 4-96 permit, deny (MAC ACL) 4-97 show mac access-list 4-98 mac access-group show mac access-group 4-99 ACL Information show access-list show access-group 4-100 SNMP Commands 4-101 snmp-server show snmp 4-102 snmp-server community 4-103 snmp-server contact snmp-server location 4-104 snmp-server host 4-105 4-106 snmp-server enable traps 4-107 snmp-server engine-id 4-108 show snmp engine-id 4-109 snmp-server view 4-110 show snmp view snmp-server group 4-111 4-112 show snmp group Example 4-113 snmp-server user 4-114 4-115 show snmp user This command shows information on SNMP users. Command Mode Example Table 4-41 show snmp user - display description 4-116 Interface Commands interface 4-117 description speed-duplex 4-118 negotiation 4-119 capabilities 4-120 flowcontrol 4-121 shutdown 4-122 switchport broadcast packet-rate clear counters 4-123 show interfaces status 4-124 show interfaces counters 4-125 show interfaces switchport 4-126 Example This example shows the configuration setting for port 24. Table 4-43 Interfaces Switchport Statistics Mirror Port Commands 4-127 Mirror Port Commands port monitor 4-128 show port monitor Rate Limit Commands 4-129 Rate Limit Commands rate-limit 4-130 Link Aggregation Commands 4-131 channel-group 4-132 lacp 4-133 lacp system-priority 4-134 lacp admin-key (Ethernet Interface) 4-135 lacp admin-key (Port Channel) 4-136 lacp port-priority show lacp 4-137 Default Setting Port Channel: all Command Mode Table 4-47 show lacp counters - display description 4-138 Table 4-48 show lacp internal - display description 4-139 Table 4-49 show lacp neighbors - display description Table 4-50 show lacp sysid - display description 4-140 Address Table Commands mac-address-table static Address Table Commands 4-141 clear mac-address-table dynamic show mac-address-table 4-142 mac-address-table aging-time Page 4-144 Spanning Tree Commands 4-145 spanning-tree spanning-tree mode 4-146 spanning-tree forward-time 4-147 spanning-tree hello-time 4-148 spanning-tree max-age spanning-tree priority 4-149 spanning-tree pathcost method 4-150 spanning-tree transmission-limit spanning-tree mst-configuration 4-151 mst vlan mst priority 4-152 name 4-153 revision max-hops 4-154 spanning-tree spanning-disabled spanning-tree cost 4-155 spanning-tree port-priority 4-156 spanning-tree edge-port spanning-tree portfast 4-157 spanning-tree link-type 4-158 spanning-tree mst cost 4-159 spanning-tree mst port-priority 4-160 spanning-tree protocol-migration show spanning-tree 4-161 4-162 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode 4-163 VLAN Commands GVRP and Bridge Extension Commands 4-164 bridge-ext gvrp show bridge-ext 4-165 switchport gvrp show gvrp configuration 4-166 garp timer show garp timer 4-167 Editing VLAN Groups vlan database 4-168 vlan 4-169 Configuring VLAN Interfaces interface vlan 4-170 switchport mode 4-171 switchport acceptable-frame-types switchport ingress-filtering 4-172 switchport native vlan 4-173 switchport allowed vlan 4-174 switchport forbidden vlan 4-175 Displaying VLAN Information show vlan 4-176 Configuring IEEE 802.1Q Tunneling dot1q-tunnel system-tunnel-control 4-177 switchport dot1q-tunnel mode 4-178 switchport dot1q-tunnel tpid Related Commands show dot1q-tunnel 4-179 Configuring Private VLANs pvlan 4-180 show pvlan 4-181 Configuring Protocol-based VLANs protocol-vlan protocol-group (Configuring Groups) 4-182 protocol-vlan protocol-group (Configuring Interfaces) 4-183 show protocol-vlan protocol-group show interfaces protocol-vlan protocol-group 4-184 Priority Commands Priority Commands (Layer 2) 4-185 queue mode switchport priority default 4-186 queue bandwidth 4-187 queue cos-map 4-188 show queue mode show queue bandwidth 4-189 show queue cos-map Priority Commands (Layer 3 and 4) map ip dscp (Global Configuration) 4-190 map ip dscp (Interface Configuration) 4-191 show map ip dscp 4-192 Quality of Service Commands 4-193 4-194 class-map match 4-195 policy-map 4-196 class 4-197 set 4-198 police 4-199 service-policy show class-map 4-200 show policy-map show policy-map interface Example 4-201 Multicast Filtering Commands IGMP Snooping Commands 4-202 ip igmp snooping ip igmp snooping vlan static 4-203 ip igmp snooping version ip igmp snooping leave-proxy 4-204 ip igmp snooping immediate-leave show ip igmp snooping 4-205 show mac-address-table multicast 4-206 IGMP Query Commands (Layer 2) ip igmp snooping querier ip igmp snooping query-count 4-207 ip igmp snooping query-interval 4-208 ip igmp snooping query-max-response-time ip igmp snooping router-port-expire-time 4-209 Static Multicast Routing Commands ip igmp snooping vlan mrouter 4-210 show ip igmp snooping mrouter 4-211 IGMP Filtering and Throttling Commands ip igmp filter (Global Configuration) 4-212 ip igmp profile permit, deny 4-213 range ip igmp filter (Interface Configuration) 4-214 ip igmp max-groups 4-215 ip igmp max-groups action show ip igmp filter 4-216 show ip igmp profile show ip igmp throttle interface 4-217 Multicast VLAN Registration Commands 4-218 mvr (Global Configuration) 4-219 mvr (Interface Configuration) 4-220 4-221 show mvr 4-222 The following displays information about the interfaces attached to the MVR VLAN: Table 4-74 show mvr interface - display description Table 4-75 show mvr members - display description IP Interface Commands IP Interface Commands ip address 4-224 ip default-gateway IP Interface Commands 4-225 ip dhcp restart show ip interface 4-226 show ip redirects ping IP Source Guard Commands 4-227 IP Source Guard Commands ip source-guard 4-228 IP Source Guard Commands 4-229 ip source-guard binding 4-230 show ip source-guard show ip source-guard binding 4-231 DHCP Snooping Commands ip dhcp snooping 4-232 4-233 ip dhcp snooping vlan 4-234 ip dhcp snooping trust 4-235 ip dhcp snooping verify mac-address ip dhcp snooping information option 4-236 ip dhcp snooping information policy 4-237 show ip dhcp snooping show ip dhcp snooping binding Switch Cluster Commands 4-238 cluster 4-239 cluster commander cluster ip-pool 4-240 cluster member rcommand 4-241 show cluster show cluster members 4-242 show cluster candidates A-1 Appendix A: Software Specifications Software Features Software Specifications A-2 A Management Features Standards Management Information Bases A-3 A Management Information Bases Page B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Troubleshooting B-2 B Using System Logs Glossary Page Page Page Page Page Index Index-1 Numerics A B Index-2 F G H I Index-3 P Q R S Index-4 T U V W Page 20 Mason Irvine, CA 92618 Phn: 949-679-8000 www.smc.com SMC8126L2 SMC8150L2