show ip-security dhcp-snooping

show ip-security dhcp-snooping [ {vlan} vlan_name | vlan vlan_list]

Description

Displays the DHCP snooping configurations on the switch.

Syntax Description

vlan_name Specifies the name of the DHCP-snooping VLAN.
vlan_list Specifies the name of the DHCP-snooping VLAN list.

Default

N/A.

Usage Guidelines

The switch displays the following DHCP snooping information:
  • DHCP snooping enabled on ports—The ports that have DHCP snooping enabled.
  • Trusted ports—The ports configured as trusted ports.
  • Trusted DHCP servers—The servers configured as trusted DHCP servers.
  • Port—The specific port that has DHCP snooping enabled.
  • Violation-action—The action the switch takes upon detecting a rogue DHCP packet on the port.
  • Hostname—The name of the host in the DHCP request.
  • Vendor class identifier—Identifies the vendor type and configuration of a DHCP client.
  • Parameter request list—.

Hostname, vendor class identifier, and parameter request list have been added to the snooping information as part of DHCP Fingerprinting, a technique used to identify the type of device that sent a DHCP request. DHCP Fingerprinting enhances network security when used with DHCP Snooping. It can be used to determine a device's type, model, operating system, and configuration, which can then be used to identify unauthorized devices on the network.

Example

The following sample output displays the DHCP snooping settings for the switch:

# show ip-security dhcp-snooping vlan "Default"
DHCP Snooping enabled on ports: 7, 9, 11
Trusted Ports: None
Trusted DHCP Servers: None
Bindings Restoration     : Enabled
Bindings Filename        : dhcpsonia.xsf
Bindings File Location   :
Primary Server  : 10.1.1.14, VR-Default, TFTP
Secondary Server: None
Bindings Write Interval  : 5 minutes
Bindings last uploaded at:
------------------------------------
Port            Violation-action
------------------------------------
7               none
9               none
11              none

The following sample output displays the DHCP snooping settings for the switch if configured through RADIUS:

# show ip-security dhcp-snooping "Default"
DHCP Snooping enabled via RADIUS
DHCP Snooping enabled on ports: 1, 2,  30
Trusted Ports: None
Trusted DHCP Servers: 1.1.1.1, 1.1.2.1
Bindings Restoration     : Disabled
Bindings Filename        : 
Bindings File Location   :
         Primary Server  : None 
         Secondary Server: None
Bindings Write Interval  : 30 minutes
------------------------------------
Port            Violation-action
------------------------------------
1               drop-packet
2               drop-packet
30              drop-packet
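
The following Python script is an added example, not part of the ExtremeXOS documentation. It parses the two sample outputs above (abridged) and lists ports where DHCP snooping is enabled but the violation-action is none. The function names, the audit policy, and the slot:port row form are assumptions.

```python
import re

# Sample input: abridged from the two sample outputs shown on this page.
SAMPLE_DEFAULT = """DHCP Snooping enabled on ports: 7, 9, 11
Trusted Ports: None
Trusted DHCP Servers: None
------------------------------------
Port            Violation-action
------------------------------------
7               none
9               none
11              none
"""
SAMPLE_RADIUS = """DHCP Snooping enabled via RADIUS
DHCP Snooping enabled on ports: 1, 2,  30
Trusted Ports: None
Trusted DHCP Servers: 1.1.1.1, 1.1.2.1
------------------------------------
Port            Violation-action
------------------------------------
1               drop-packet
2               drop-packet
30              drop-packet
"""
FIELDS = {"DHCP Snooping enabled on ports": "ports",
          "Trusted Ports": "trusted_ports",
          "Trusted DHCP Servers": "trusted_servers"}
# Table row such as "7   none"; the "1:7" slot:port form is an assumption.
ROW = re.compile(r"^\s*(\d+(?::\d+)?)\s+(\S+)\s*$")

def parse_snooping(text):
    """Parse the command output into lists plus a port -> action map."""
    cfg = {"via_radius": "enabled via RADIUS" in text, "actions": {}}
    cfg.update({key: [] for key in FIELDS.values()})
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        row = ROW.match(line)
        if row:
            cfg["actions"][row.group(1)] = row.group(2)
        elif sep and label.strip() in FIELDS:
            items = [v.strip() for v in value.split(",")]
            cfg[FIELDS[label.strip()]] = [v for v in items if v and v != "None"]
    return cfg

def audit(cfg):
    """Assumed policy: a snooping port with action 'none' (or no row) is a finding."""
    return [f"port {p}: violation-action is none"
            for p in cfg["ports"] if cfg["actions"].get(p, "none") == "none"]
```

Run against the first sample, `audit` reports ports 7, 9, and 11; the RADIUS-configured sample, where every port uses drop-packet, produces no findings.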

History

This command was first available in ExtremeXOS 11.6.

The vlan_list variable was added in ExtremeXOS 16.1.

DHCP Fingerprinting was added in ExtremeXOS 32.7.1.

Platform Availability

This command is available on all Universal switches supported in this document.