DHCP binding database

DHCP snooping maintains a database of up to 8192 DHCP bindings on untrusted ports. Each binding consists of:
  • Client MAC address

  • Port number

  • VLAN identifier

  • Leased IP address

  • Lease time

The switch can be configured to store the bindings at a specific URL so they will not be lost if the switch is rebooted. If the switch is rebooted, it will read its binding database from the specified location. To configure this location use this command.


[no] dhcp-snooping database [file <tftp://<ip-address>/<ascii-string>>][delay <15-86400>][timeout <0-86400>]

Must be in Uniform Resource Locator (URL) format – “tftp://ip-address/ascii-string”. The maximum filename length is 63 characters.


Number of seconds to wait before writing to the database. Default = 300 seconds.


Number of seconds to wait for the database file transfer to finish before returning an error. A value of zero (0) means retry indefinitely. Default = 300 seconds.

A message is logged in the system event log if the DHCP binding database fails to update. To display the contents of the DHCP snooping binding database, enter this command.


show dhcp-snooping binding

DHCP snooping binding database contents

switch(config)# show dhcp-snooping binding

 MacAddress         IP              VLAN Interface Time left
 -------------      --------------- ---- --------- ---------        4    6         1600

If a lease database is configured, the switch drops all DHCP packets until the lease database is read. This only occurs when the switch reboots and is completed quickly. If the switch is unable to read the lease database from the tftp server, it waits until that operation times out and then begins forwarding DHCP packets.