DHCPv4 snooping max-binding

DHCP snooping max-binding prevents binding entries from being exhausted. The feature operates on a per-port basis: it restricts the maximum number of bindings allowed on a port/interface, and it applies to untrusted interfaces only. The maximum for a particular port includes both statically configured and dynamically learned bindings. The number of bindings is maintained per port: it is incremented upon a lease offer and decremented upon a lease expiry or release.

DHCP snooping max-binding can be configured in the configuration context or in the interface context of an untrusted interface. In the configuration context, select the port or list of ports for which max-binding is to be configured, then provide the max-binding value within the range <1-8192>. In the interface context, after selecting the interface on which max-binding is to be configured, provide the max-binding value within the range <1-8192>. The max-binding configuration for a port can be removed using the no option of the command. max-binding cannot be set on trusted ports or on ports whose associated VLAN is not DHCP-snooping enabled. Once the max-bindings limit on an interface is reached, packets for DHCP clients that do not have a binding entry are dropped.

Syntax:


(config)# dhcp-snooping max-bindings [PORT-LIST] [MAX-BINDING-NUM]

Configures the maximum number of bindings on the specified ports. The default maximum number of bindings is 8192. The allowed range on a port is 1 to 8192.

Syntax:


(interface)# dhcp-snooping <trust|max-bindings>[1-8192]

Configures the maximum binding value on a port. Only this number of clients is allowed on the port. Specifying [no] removes the max-binding from the configuration and sets it to the default value of 8192.

Syntax:


(config)# show dhcp-snooping

Show all available dhcp-snooping information.

Example:

DHCP Snooping Information
DHCP Snooping : Yes
                Max       Current  Bindings
Port   Trust    Bindings  Static   Dynamic
_____  ______   ________  _______  _________
 1     Yes         -         -       -
 2     No         200        10      3
 3     No          3*        3       6
 4     No          5*        23      0
 5     No          -         -       -
 6     No          -         -       -
 7     No          -         -       -
 8     No          -         -       -
 9     No          -         -       -
 10    No          -         -       -
 11    Yes         -         -       -
 12    Yes         -         -       -
 13    No          -         -       -
 14    No          -         -       -
 15    No          -         -       -
 16    No          -         2       8
 17    No          21       12      24
 18    Yes         -         -       -
 19    No          -         -       -
 20    No          -         -       -
 21    No          -         -       -
 22    No          -         -       -
 23    No          -         -       -
 24    Yes         -         -       -
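
The following is an added example, not part of the original command reference: a small Python audit that parses text in the layout of the show dhcp-snooping table above and flags untrusted ports that are at, over, or near their max-bindings value, or that have no explicit value. It assumes that "-" in the Max Bindings column means only the default of 8192 applies and it strips the trailing "*", which the page does not explain; the finding labels and the warn_ratio threshold are this example's own.

```python
import re
# Constructed sample rows in the layout of the `show dhcp-snooping` example.
SAMPLE = """\
                Max       Current  Bindings
Port   Trust    Bindings  Static   Dynamic
_____  ______   ________  _______  _________
 1     Yes         -         -       -
 2     No         200        10      3
 3     No          3*        3       6
 16    No          -         2       8
 17    No          21       12      24
"""

DEFAULT_MAX = 8192  # default max-bindings value given in the command reference
ROW = re.compile(r"^\s*(\S+)\s+(Yes|No)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def _num(cell):
    """Return the integer in a cell, or None for '-'; a trailing '*' is stripped."""
    cell = cell.rstrip("*")
    return int(cell) if cell.isdigit() else None

def parse_ports(text):
    ports = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not match ROW
            port, trust, limit, static, dynamic = m.groups()
            ports.append({"port": port, "trusted": trust == "Yes",
                          "max": _num(limit),
                          "used": (_num(static) or 0) + (_num(dynamic) or 0)})
    return ports

def audit(ports, warn_ratio=0.8):
    """Flag untrusted ports: no explicit limit, at/over the limit, or near it."""
    findings = []
    for p in ports:
        if p["trusted"]:
            continue  # max-bindings applies to untrusted interfaces only
        if p["max"] is None:  # assumption: '-' means only the default applies
            findings.append((p["port"], "no-explicit-limit", p["used"], DEFAULT_MAX))
        elif p["used"] >= p["max"]:
            findings.append((p["port"], "at-or-over-limit", p["used"], p["max"]))
        elif p["used"] >= warn_ratio * p["max"]:
            findings.append((p["port"], "near-limit", p["used"], p["max"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ports(SAMPLE)):
        print(*finding)
```

A port flagged at-or-over-limit is one where, per the description above, DHCP packets from clients without a binding entry are dropped; the "failed on max-binding limit" counter in show dhcp-snooping stats is the place to confirm that.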

Syntax:


(config)# show dhcp-snooping stats

Shows the dhcp-snooping statistics.

Packet type  Action   Reason                        Count
-----------  -------  ----------------------------  ---------
server       forward  from trusted port              0
client       forward  to trusted port                0
server       drop     received on untrusted port     0
server       drop     unauthorized server            0
client       drop     destination on untrusted port  0
client       drop     untrusted option 82 field      0
client       drop     bad DHCP release request       0
client       drop     failed verify MAC check        0
client       drop     failed on max-binding limit    0