This feature provides support for IP security for Dynamic Host Configuration Protocol (DHCP) Snooping and Address Resolution Protocol (ARP) learning/validation on dynamic VLANs so that the configuration persists after reboots.
Summit X450-G2, X460-G2, X670-G2, and ExtremeSwitching X440-G2, X465, X590, X620, X690, X870 series switches.
Changes are underlined.
enable ip-security dhcp-snooping [dynamic | {vlan} vlan_name] ports [all | ports] violation-action [drop-packet {[block-mac | block-port] [duration duration_in_seconds | permanently] | none]}] {snmp-trap}
disable ip-security dhcp-snooping [dynamic | {vlan} vlan_name] ports [all | ports]
configure trusted-servers [dynamic vlan_id |{vlan} vlan_name] add server ip_address trust-for dhcp-server
configure trusted-servers [dynamic vlan_id |vlan vlan_name] delete server ip_address trust-for dhcp-server
enable ip-security arp learning learn-from-arp [dynamic | {vlan} vlan_name] ports [all | ports]
disable ip-security arp learning learn-from-arp [dynamic | {vlan} vlan_name] ports [all | ports]
enable ip-security arp validation {destination-mac} {source-mac} {ip} [dynamic vlan_id |{vlan} vlan_name] [all | ports] violation-action [drop-packet {[block-port] [duration duration_in_seconds | permanently]}] {snmp-trap}
disable ip-security arp validation [dynamic | {vlan} vlan_name] [all | ports]
enable ip-security arp gratuitous-protection [dynamic | {vlan} all | vlan_name]
disable ip-security arp gratuitous-protection [dynamic | {vlan} vlan_name |all ]
configure ip-security dhcp-snooping information circuit-id vlan-information vlan_info [dynamic | {vlan} vlan_name | all]
unconfigure ip-security dhcp-snooping information circuit-id vlan-information [dynamic | {vlan} vlan_name |all]
configure ip-security dhcp-binding add ip ip_address mac mac_address [dynamic vlan_id | {vlan} vlan_name] server-port server_port client-port client_port lease-time seconds
configure ip-security dhcp-binding delete ip ip_address [dynamic vlan_id | {vlan} vlan_name]
enable ip-security arp learning learn-from-dhcp [dynamic vlan | {vlan} vlan_name] ports [all | ports]
disable ip-security arp learning learn-from-dhcp [dynamic vlan | {vlan} vlan_name ports [all | ports]