Verifying That DHCP Snooping Is Working Correctly
Purpose
Verify that DHCP snooping is working on the switch and that the DHCP snooping database is correctly populated with both dynamic and static bindings.
Action
Send some DHCP requests from network devices (here they are DHCP clients) connected to the switch.
Display the DHCP snooping information when the interface on which the DHCP server connects to the switch is trusted. The following output results when requests are sent from the MAC addresses and the server has provided the IP addresses and leases:
user@switch>
show dhcp snooping binding
DHCP Snooping Information: MAC address IP address Lease (seconds) Type VLAN Interface
00:05:85:3A:82:77 192.0.2.17 600 dynamic employee ge-0/0/1.0
00:05:85:3A:82:79 192.0.2.18 653 dynamic employee ge-0/0/1.0
00:05:85:3A:82:80 192.0.2.19 720 dynamic employee ge-0/0/2.0
00:05:85:3A:82:81 192.0.2.20 932 dynamic employee ge-0/0/2.0
00:05:85:3A:82:83 192.0.2.21 1230 dynamic employee ge-0/0/2.0
00:05:85:27:32:88 192.0.2.22 — static data ge-0/0/4.0
Meaning
When the interface on which the DHCP server connects to the switch has been set to trusted, the output (see preceding sample) shows, for each MAC address, the assigned IP address and lease time—that is, the time, in seconds, remaining before the lease expires. Static IP addresses have no assigned lease time. The statically configured entry never expires.
If the DHCP server had been configured as untrusted, the output would look like this:
user@switch> show dhcp snooping binding
DHCP Snooping Information: MAC address IP address Lease (seconds) Type VLAN Interface
00:05:85:3A:82:77 0.0.0.0 - dynamic employee ge-0/0/1.0
00:05:85:3A:82:79 0.0.0.0 - dynamic employee ge-0/0/1.0
00:05:85:3A:82:80 0.0.0.0 - dynamic employee ge-0/0/2.0
00:05:85:3A:82:81 0.0.0.0 - dynamic employee ge-0/0/2.0
00:05:85:3A:82:83 0.0.0.0 - dynamic employee ge-0/0/2.0
00:05:85:27:32:88 192.0.2.22 – static data ge-0/0/4.0
In the preceding output sample, IP addresses and lease times are not assigned to the dynamically learned bindings because the DHCP clients do not have a trusted server to which they can send requests. In the database, the clients' MAC addresses are shown with no assigned IP addresses (hence the 0.0.0.0 content in the IP Address column) and no leases (the lease time is shown as a dash – in the Lease column).