show ip-security dhcp-snooping

show ip-security dhcp-snooping [ {vlan} vlan_name | vlan vlan_list]


Displays the DHCP (Dynamic Host Configuration Protocol) snooping configurations on the switch.

Syntax Description

vlan_name Specifies the name of the DHCP-snooping VLAN (Virtual LAN).
vlan_name Specifies the name of the DHCP-snooping VLAN list.



Usage Guidelines

The switch displays the following DHCP snooping information:
  • DHCP snooping enabled on ports—The ports that have DHCP snooping enabled.
  • Trusted ports—The ports configured as trusted ports.
  • Trusted DHCP servers—The servers configured as trusted DHCP servers.
  • Port—The specific port that has DHCP snooping enabled.
  • Violation-action—The action the switch takes upon detecting a rogue DHCP packet on the port.


The following sample output displays the DHCP snooping settings for the switch:

# show ip-security dhcp-snooping vlan "Default"
DHCP Snooping enabled on ports: 7, 9, 11
Trusted Ports: None
Trusted DHCP Servers: None
Bindings Restoration     : Enabled
Bindings Filename        : dhcpsonia.xsf
Bindings File Location   :
Primary Server  :, VR-Default, TFTP
Secondary Server: None
Bindings Write Interval  : 5 minutes
Bindings last uploaded at:
Port            Violation-action
7               none
9               none
11              none


This command was first available in ExtremeXOS 11.6.

The vlan_list variable was added in ExtremeXOS 16.1.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.