ip dhcp snooping

Enables DHCP snooping globally at the device level.

Syntax

ip dhcp snooping [ binding [ mac-addr| ip-addr ] |vlan vlan-id | interface [switchport | physical interface] ]
no ip dhcp snooping [ binding [ mac-addr| ip-addr ] |vlan vlan-id | interface [switchport | physical interface] ]

Command Default

By default, DHCP snooping is not enabled.

Parameters

binding [ mac-addr| ip-addr ]
Specifies the MAC or IP address of the host for the entry in the binding database.
vlan vlan-id
Specifies the VLAN ID of the host for the entry in the binding database.
interface [ switchport physical interface ]
Specifies the ID of the switchport interface.

Modes

Interface configuration mode

Usage Guidelines

DHCPv4 snooping uses trusted ports that have been identified as having legitimate DHCP servers attached. As clients communicate on the network, the device builds a binding database, which contains the MAC address of the host, the leased IP address, the lease time, the binding type, and the VLAN number and interface information associated with the host. The device then filters DHCP server messages from untrusted ports to protect the integrity of legitimate DHCP servers and their operation.

Use the no form of the command to disable DHCP snooping.

9037772-00 Rev AA