Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

Dynamic Host Configuration Protocol (DHCP) Snooping and Address Resolution Protocol (ARP) Validation/Learning Configuration Persistence on Dynamic VLANs

This feature provides support for IP security for Dynamic Host Configuration Protocol (DHCP) Snooping and Address Resolution Protocol (ARP) learning/validation on dynamic VLANs so that the configuration persists after reboots.

Supported Platforms

Summit X450-G2, X460-G2, X670-G2, and ExtremeSwitching X440-G2, X465, X590, X620, X690, X870 series switches.

Changed CLI Commands

Changes are underlined.

enable ip-security dhcp-snooping [dynamic | {vlan} vlan_name] ports [all | ports] violation-action [drop-packet {[block-mac | block-port] [duration duration_in_seconds | permanently] | none]}] {snmp-trap}

disable ip-security dhcp-snooping [dynamic | {vlan} vlan_name] ports [all | ports]

configure trusted-servers [dynamic vlan_id |{vlan} vlan_name] add server ip_address trust-for dhcp-server

configure trusted-servers [dynamic vlan_id |vlan vlan_name] delete server ip_address trust-for dhcp-server

enable ip-security arp learning learn-from-arp [dynamic | {vlan} vlan_name] ports [all | ports]

disable ip-security arp learning learn-from-arp [dynamic | {vlan} vlan_name] ports [all | ports]

enable ip-security arp validation {destination-mac} {source-mac} {ip} [dynamic vlan_id |{vlan} vlan_name] [all | ports] violation-action [drop-packet {[block-port] [duration duration_in_seconds | permanently]}] {snmp-trap}

disable ip-security arp validation [dynamic | {vlan} vlan_name] [all | ports]

enable ip-security arp gratuitous-protection [dynamic | {vlan} all | vlan_name]

disable ip-security arp gratuitous-protection [dynamic | {vlan} vlan_name |all ]

configure ip-security dhcp-snooping information circuit-id vlan-information vlan_info [dynamic | {vlan} vlan_name | all]

unconfigure ip-security dhcp-snooping information circuit-id vlan-information [dynamic | {vlan} vlan_name |all]

configure ip-security dhcp-binding add ip ip_address mac mac_address [dynamic vlan_id | {vlan} vlan_name] server-port server_port client-port client_port lease-time seconds

configure ip-security dhcp-binding delete ip ip_address [dynamic vlan_id | {vlan} vlan_name]

enable ip-security arp learning learn-from-dhcp [dynamic vlan | {vlan} vlan_name] ports [all | ports]

disable ip-security arp learning learn-from-dhcp [dynamic vlan | {vlan} vlan_name ports [all | ports]

Published May 2019prev | next

Email this topicEmail this topic

Print this pagePrint this page