Supported Platforms
Related Documentation
- EX Series, QFabric System, QFX Series standalone switches
- Example: Configuring Basic Port Security Features
- EX Series, QFX Series standalone switches
- Example: Configuring DHCP Snooping, DAI , and MAC Limiting on a Switch with Access to a DHCP Server Through a Second Switch
- Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
- Enabling DHCP Snooping (CLI Procedure)
- EX Series
- Example: Using CoS Forwarding Classes to Prioritize Snooped Packets in Heavy Network Traffic
- Enabling DHCP Snooping (J-Web Procedure)
examine-dhcp
Syntax
Hierarchy Level
Release Information
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Description
Enable DHCP snooping on all VLANs or on the specified VLAN.
 | Note: If you configure DHCP for all VLANs and you enable a different port security feature on a specific VLAN, you must also explicitly enable DHCP snooping on that VLAN. Otherwise, the default value of no DHCP snooping applies to that VLAN. |
- examine-dhcp—Enable DHCP snooping.
- no-examine-dhcp—Disable DHCP snooping.
When DHCP snooping is enabled, the switch logs DHCP packets (DHCPOFFER, DHCPDECLINE, DHCPACK, and DHCPNAK packets) that it receives on untrusted ports. You can monitor the log for these messages, which can signal the presence of a malicious DHCP server on the network.
 | Tip: For private VLANs (PVLANs), enable DHCP snooping on the primary VLAN. If you enable DHCP snooping only on a community VLAN, DHCP messages coming from PVLAN trunk ports are not snooped. |
The remaining statement is explained separately.
Default
Disabled.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Related Documentation
- EX Series, QFabric System, QFX Series standalone switches
- Example: Configuring Basic Port Security Features
- EX Series, QFX Series standalone switches
- Example: Configuring DHCP Snooping, DAI , and MAC Limiting on a Switch with Access to a DHCP Server Through a Second Switch
- Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
- Enabling DHCP Snooping (CLI Procedure)
- EX Series
- Example: Using CoS Forwarding Classes to Prioritize Snooped Packets in Heavy Network Traffic
- Enabling DHCP Snooping (J-Web Procedure)
Published: 2014-04-23
Supported Platforms
Related Documentation
- EX Series, QFabric System, QFX Series standalone switches
- Example: Configuring Basic Port Security Features
- EX Series, QFX Series standalone switches
- Example: Configuring DHCP Snooping, DAI , and MAC Limiting on a Switch with Access to a DHCP Server Through a Second Switch
- Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
- Enabling DHCP Snooping (CLI Procedure)
- EX Series
- Example: Using CoS Forwarding Classes to Prioritize Snooped Packets in Heavy Network Traffic
- Enabling DHCP Snooping (J-Web Procedure)
