Configuring DHCPv4 snooping

Syntax


[no] dhcp-snooping [authorized-server | database | option | trust | verify | vlan]
authorized server

Specifies the IP address of a trusted DHCP server. If no authorized servers are configured, all DHCP server addresses are considered valid. Maximum: 20 authorized servers.

database

Specifies a URL location for the lease database in the format tftp://ip-addr/ascii-string. The maximum number of characters for the URL is 63.

option

Adds the relay information option (Option 82) to DHCP client packets that are being forwarded out trusted ports. The default is yes, add relay information.

trust

Configures trusted ports. Only server packets received on trusted ports are forwarded. Default: untrusted.

verify

Enables DHCP packet validation. The DHCP client hardware address field and the source MAC address must be the same for packets received on untrusted ports or the packet is dropped. Default: Yes.

vlan

Enables DHCP snooping on a vlan. DHCP snooping must be enabled already. Default: No.

To display the DHCPv4 snooping configuration, enter this command:
switch(config)# show dhcp-snooping
The following figure shows sample output.
Show dhcpv4-snooping
To display statistics about the DHCPv4 snooping process, enter this command:
switch(config)# show dhcp-snooping stats
The following figure shows sample output.
Show DHCPv4 snooping statistics