• Download PDFs
• Verifying That a Trusted DHCP Server Is Working Correctly  

• Related Topics
• Enabling a Trusted DHCP Server (CLI Procedure)
• Enabling a Trusted DHCP Server (J-Web Procedure)
• Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting, on an EX-series Switch
• Example: Configuring a DHCP Server Interface as Untrusted to Protect the Switch from Rogue DHCP Server Attacks
• Monitoring Port Security
• Troubleshooting Port Security

Verifying That a Trusted DHCP Server Is Working Correctly

Purpose

Verify that a DHCP trusted server is working on the switch. See what happens when the DHCP server is trusted and then untrusted.

Action

Send some DHCP requests from network devices (here they are DHCP clients) connected to the switch.

Display the DHCP snooping information when the interface on which the DHCP server connects to the switch is trusted. The following output results when requests are sent from the MAC addresses and the server has provided the IP addresses and leases:

DHCP Snooping Information:
MAC Address         IP Address    Lease    Type     VLAN          Interface

-----------------   ----------    -----    ----     ----          ---------

00:05:85:3A:82:77    192.0.2.17    600    dynamic  employee—vlan   ge-0/0/1.0

00:05:85:3A:82:79    192.0.2.18    653    dynamic  employee—vlan   ge-0/0/1.0

00:05:85:3A:82:80    192.0.2.19    720    dynamic  employee—vlan   ge-0/0/2.0

00:05:85:3A:82:81    192.0.2.20    932    dynamic  employee—vlan   ge-0/0/2.0

00:05:85:3A:82:83    192.0.2.21   1230    dynamic  employee—vlan   ge-0/0/2.0

00:05:85:27:32:88    192.0.2.22   3200    dynamic  employee—vlan   ge-0/0/2.0


            

Meaning

When the interface on which the DHCP server connects to the switch has been set to trusted, the output (see preceding sample) shows, for each MAC address, the assigned IP address and lease time—that is, the time, in seconds, remaining before the lease expires.

If the DHCP server had been configured as untrusted, the output would look like this:

DHCP Snooping Information:
MAC Address          IP Address  Lease    Type     VLAN          Interface

-----------------    ----------  -----    ----     ----          ---------

00:05:85:3A:82:77      0.0.0.0      -    dynamic  employee—vlan   ge-0/0/1.0

00:05:85:3A:82:79      0.0.0.0      -    dynamic  employee—vlan   ge-0/0/1.0

00:05:85:3A:82:80      0.0.0.0      -    dynamic  employee—vlan   ge-0/0/2.0

00:05:85:3A:82:81      0.0.0.0      -    dynamic  employee—vlan   ge-0/0/2.0

00:05:85:3A:82:83      0.0.0.0      -    dynamic  employee—vlan   ge-0/0/2.0

00:05:85:27:32:88      0.0.0.0      -    dynamic  employee—vlan   ge-0/0/2.0


            

In the preceding output sample, IP addresses and lease times are not assigned because the DHCP clients do not have a trusted server to which they can send requests. In the database, the clients' MAC addresses are shown with no assigned IP addresses (hence the 0.0.0.0 content in the IP Address column) and no leases (the lease time is shown as a dash – in the Lease column).