Complete DHCP Snooping configuration commands (1)

Source: Internet
Author: User

The previous article explained what DHCP Snooping is, so we already have a general understanding of it. This article walks through the specific operations and steps of DHCP Snooping configuration. Note that the DHCP Snooping function and the DHCP Option 82 function of 1x are mutually exclusive.

DHCP Snooping and DHCP Option82

DHCP Snooping only monitors the user's DHCP process. If you want to control user access based on the IP address allocated by DHCP, you must also use the ARP detection function. Because the ARP detection module must inspect all ARP packets, it affects the overall performance of the device.

DHCP Snooping configuration: enable and disable DHCP Snooping

By default, the DHCP Snooping function of the device is disabled.

When the DHCP Snooping function is enabled, the device monitors DHCP packets.

Command description

  Command:      Switch# configure terminal
  Description:  Enters configuration mode

  Command:      Switch(config)# [no] ip dhcp snooping
  Description:  Enables or disables DHCP Snooping

The following configuration enables the DHCP Snooping function of the device:

  switch# configure terminal
  switch(config)# ip dhcp snooping
  switch(config)# end
  switch#

DHCP Snooping configuration: DHCP source MAC check function

After this command is configured, the device compares the source MAC address with the MAC address in the Client field of DHCP Request packets received on UNTRUST ports, and discards invalid packets in which the two MAC values differ.

The check is not performed by default.

Command description

  Command:      Switch# configure terminal
  Description:  Enters configuration mode

  Command:      Switch(config)# [no] ip dhcp snooping verify mac-address
  Description:  Enables or disables the source MAC check function

The following enables the DHCP source MAC check function:

  switch# configure terminal
  switch(config)# ip dhcp snooping verify mac-address
  switch(config)# end
  switch#
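The comparison that the source MAC check performs can be reproduced offline. The Python below is an added example, not code from the original article or from the switch vendor: it extracts the Ethernet source MAC and the BOOTP chaddr (Client) field from a frame and classifies it the way the text describes. The function names, the handling of malformed client messages, the untagged-frame assumption and the sample frames are assumptions of this example.

```python
import struct

ETH_LEN = 14      # dst MAC, src MAC, EtherType (assumption: untagged frame)
CHADDR_OFF = 28   # chaddr offset in the BOOTP header (RFC 2131 layout)

def verify_mac(frame: bytes) -> str:
    """Classify a frame from an untrusted port: 'forward', 'drop' or 'not-dhcp'."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        return "not-dhcp"                      # too short, or not IPv4
    ihl = (frame[ETH_LEN] & 0x0F) * 4          # IPv4 header length in bytes
    udp = ETH_LEN + ihl
    if ihl < 20 or frame[ETH_LEN + 9] != 17 or len(frame) < udp + 8:
        return "not-dhcp"                      # not UDP
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        return "not-dhcp"                      # not client (68) -> server (67)
    bootp = frame[udp + 8:]
    # Assumption of this sketch: a client message too short to hold chaddr,
    # or not a BOOTREQUEST with a 6-byte hardware address, is dropped.
    if len(bootp) < CHADDR_OFF + 6 or bootp[0] != 1 or bootp[2] != 6:
        return "drop"
    src_mac = frame[6:12]
    chaddr = bootp[CHADDR_OFF:CHADDR_OFF + 6]
    return "forward" if chaddr == src_mac else "drop"

def build_request(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample frame: Ethernet/IPv4/UDP/BOOTP request, checksums zeroed."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr)
    bootp += bytes(64 + 128) + b"\x63\x82\x53\x63"   # sname, file, magic cookie
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp

CLIENT = bytes.fromhex("00d0f8010101")   # MAC from the page's binding example
OTHER = bytes.fromhex("020000000099")    # constructed value

if __name__ == "__main__":
    print(verify_mac(build_request(CLIENT, CLIENT)))   # fields agree
    print(verify_mac(build_request(CLIENT, OTHER)))    # fields differ
```
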

DHCP Snooping configuration: static DHCP snooping user

In some application scenarios, users on certain ports can use certain IP addresses statically once their user information is configured.

Command description

  Command:      Switch# configure terminal
  Description:  Enters configuration mode

  Command:      Switch(config)# [no] ip dhcp snooping binding mac-address vlan vlan_id ip ip-address interface interface-id
  Description:  Sets static DHCP users in the DHCP Snooping binding database

Add a static user to port 9 of the device:

  switch# configure terminal
  switch(config)# ip dhcp snooping binding 00d0.f801.0101 vlan 1 ip 192.168.4.243 interface gigabitEthernet 0/9
  switch(config)# end
  switch#

DHCP Snooping configuration: periodically write DHCP Snooping database information to flash

To prevent DHCP user information from being lost when the device loses power and restarts, DHCP Snooping provides a configurable command that writes the DHCP Snooping database information to flash. By default, the delay is set to 0, that is, flash is written from time to time.

Command description

  Command:      Switch# configure terminal
  Description:  Enters configuration mode

  Command:      Switch(config)# [no] ip dhcp snooping database write-delay [time]
  Description:  Sets the delay for DHCP Snooping flash writing.
                time: 600 s to 86400 s. The default value is 0.

The following sets the DHCP Snooping flash write delay to 3600 s:

  switch# configure terminal
  switch(config)# ip dhcp snooping database write-delay 3600
  switch(config)# end
  switch#

Manually write DHCP snooping database information to flash

To prevent DHCP user information from being lost when the device loses power and restarts, in addition to configuring timed flash writing, you can also manually write the current DHCP Snooping binding database information to flash as needed.

Command description

