COMMAND LINE INTERFACE
4-270
ip dhcp snooping
This command enables DHCP snooping globally. Use the no form to
restore the default setting.
Syntax
[no] ip dhcp snooping
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• Network traffic may be disrupted when malicious DHCP messages
are received from an outside source. DHCP snooping is used to filter
DHCP messages received on an unsecure interface from outside the
network or firewall. When DHCP snooping is enabled globally by this
command, and enabled on a VLAN interface by the ip dhcp
snooping vlan command (page 4-272), DHCP messages received on
an untrusted interface (as specified by the no ip dhcp snooping trust
command, page 4-273) from a device not listed in the DHCP
snooping table will be dropped.
• When enabled, DHCP messages entering an untrusted interface are
filtered based upon dynamic entries learned via DHCP snooping.
• Table entries are only learned for untrusted interfaces. Each entry
includes a MAC address, IP address, lease time, entry type
Table 4-76 DHCP Snooping Commands
Command                          Function                                                Mode  Page
ip dhcp snooping database flash  Displays the static host name-to-address mapping table  GC    4-277
show ip dhcp snooping            Displays the configuration for DNS services             PE    4-277
show ip dhcp snooping binding    Displays entries in the DNS cache                       PE    4-278
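
The filtering rule described in the Command Usage notes for ip dhcp snooping, modelled in Python as an added example (not code from this manual or from the switch firmware). Class, method and port names are hypothetical, and the sample MAC and IP values are constructed. This page does not describe how an entry is learned from the DHCP exchange, so learn() is called directly.

```python
from dataclasses import dataclass, field


@dataclass
class SnoopingSwitch:
    """Toy model of the filtering rule in the Command Usage text (hypothetical names)."""
    global_enabled: bool = False                      # "ip dhcp snooping"; default is Disabled
    snooped_vlans: set = field(default_factory=set)   # VLANs with "ip dhcp snooping vlan"
    trusted_ports: set = field(default_factory=set)   # every port not listed here is untrusted
    bindings: dict = field(default_factory=dict)      # MAC -> binding table entry

    def active(self, vlan):
        # Filtering applies only when enabled globally AND on the VLAN.
        return self.global_enabled and vlan in self.snooped_vlans

    def learn(self, mac, ip, lease_s, port, vlan):
        """Add a dynamic entry. Entries are only learned for untrusted interfaces."""
        if not self.active(vlan) or port in self.trusted_ports:
            return False
        self.bindings[mac] = {"ip": ip, "lease_s": lease_s, "type": "dynamic", "port": port}
        return True

    def verdict(self, src_mac, port, vlan):
        """Return 'forward' or 'drop' for a DHCP message arriving on the given port."""
        if not self.active(vlan) or port in self.trusted_ports:
            return "forward"
        return "forward" if src_mac in self.bindings else "drop"


def demo():
    # Constructed sample data: port names, MACs and addresses are made up.
    sw = SnoopingSwitch(trusted_ports={"uplink"})
    known, rogue = "00-11-22-33-44-55", "66-77-88-99-aa-bb"
    results = [sw.verdict(rogue, "port5", 1)]        # snooping off: nothing is filtered
    sw.global_enabled = True
    results.append(sw.verdict(rogue, "port5", 1))    # global only, VLAN not yet enabled
    sw.snooped_vlans.add(1)
    sw.learn(known, "192.0.2.10", 86400, "port5", 1)
    results.append(sw.verdict(known, "port5", 1))    # listed device on an untrusted port
    results.append(sw.verdict(rogue, "port5", 1))    # unlisted device on an untrusted port
    results.append(sw.verdict(rogue, "uplink", 1))   # trusted port is not filtered
    return results


if __name__ == "__main__":
    print(demo())
```

The second result is the one to check on a live switch: enabling snooping globally filters nothing until the VLAN is also enabled.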