- Related Topics
- Enabling DHCP Snooping (CLI Procedure)
- Enabling DHCP Snooping (J-Web Procedure)
- Configuring Static IP Addresses for DHCP Bindings on Access Ports (CLI Procedure)
- Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting, on an EX Series Switch
- Example: Configuring DHCP Snooping, DAI , and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch
- Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
- Monitoring Port Security
- Troubleshooting Port Security
Verifying That DHCP Snooping Is Working Correctly
Purpose
Verify that DHCP snooping is working on the switch and that the DHCP snooping database is correctly populated with both dynamic and static bindings.
Action
Send some DHCP requests from network devices (here they are DHCP clients) connected to the switch.
Display the DHCP snooping information when the interface on which the DHCP server connects to the switch is trusted. The following output results when requests are sent from the MAC addresses and the server has provided the IP addresses and leases:
user@switch>
show dhcp snooping binding DHCP Snooping Information: MAC address IP address Lease (seconds) Type VLAN Interface
00:05:85:3A:82:77 192.0.2.17 600 dynamic employee ge-0/0/1.0
00:05:85:3A:82:79 192.0.2.18 653 dynamic employee ge-0/0/1.0
00:05:85:3A:82:80 192.0.2.19 720 dynamic employee ge-0/0/2.0
00:05:85:3A:82:81 192.0.2.20 932 dynamic employee ge-0/0/2.0
00:05:85:3A:82:83 192.0.2.21 1230 dynamic employee ge-0/0/2.0
00:05:85:27:32:88 192.0.2.22 — static data ge-0/0/4.0
Meaning
When the interface on which the DHCP server connects to the switch has been set to trusted, the output (see preceding sample) shows, for each MAC address, the assigned IP address and lease time—that is, the time, in seconds, remaining before the lease expires. Static IP addresses have no assigned lease time. The statically configured entry never expires.
If the DHCP server had been configured as untrusted, the output would look like this:
user@switch> show dhcp snooping binding DHCP Snooping Information: MAC address IP address Lease (seconds) Type VLAN Interface
00:05:85:3A:82:77 0.0.0.0 - dynamic employee ge-0/0/1.0
00:05:85:3A:82:79 0.0.0.0 - dynamic employee ge-0/0/1.0
00:05:85:3A:82:80 0.0.0.0 - dynamic employee ge-0/0/2.0
00:05:85:3A:82:81 0.0.0.0 - dynamic employee ge-0/0/2.0
00:05:85:3A:82:83 0.0.0.0 - dynamic employee ge-0/0/2.0
00:05:85:27:32:88 192.0.2.22 – static data ge-0/0/4.0
In the preceding output sample, IP addresses and lease times are not assigned to the dynamically learned bindings because the DHCP clients do not have a trusted server to which they can send requests. In the database, the clients' MAC addresses are shown with no assigned IP addresses (hence the 0.0.0.0 content in the IP Address column) and no leases (the lease time is shown as a dash – in the Lease column).