Clear ip dhcp snooping binding, Clear ip dhcp snooping, Binding – LevelOne GTL-2691 User Manual
Page 953
C
HAPTER
29
| General Security Measures
DHCP Snooping
– 953 –
C
OMMAND
M
ODE
Interface Configuration (Ethernet, Port Channel)
C
OMMAND
U
SAGE
◆
A trusted interface is an interface that is configured to receive only
messages from within the network. An untrusted interface is an
interface that is configured to receive messages from outside the
network or fire wall.
◆
Set all ports connected to DHCP servers within the local network or fire
wall to trusted, and all other ports outside the local network or fire wall
to untrusted.
◆
When DHCP snooping ia enabled globally using the
command, and enabled on a VLAN with
command, DHCP packet filtering will be performed on any untrusted
ports within the VLAN according to the default status, or as specifically
configured for an interface with the no ip dhcp snooping trust
command.
◆
When an untrusted port is changed to a trusted port, all the dynamic
DHCP snooping bindings associated with this port are removed.
◆
Additional considerations when the switch itself is a DHCP client – The
port(s) through which it submits a client request to the DHCP server
must be configured as trusted.
E
XAMPLE
This example sets port 5 to untrusted.
Console(config)#interface ethernet 1/5
Console(config-if)#no ip dhcp snooping trust
Console(config-if)#
R
ELATED
C
OMMANDS
clear ip dhcp
snooping binding
This command clears DHCP snooping binding table entries from RAM. Use
this command without any optional keywords to clear all entries from the
binding table.
S
YNTAX
clear ip dhcp snooping binding [mac-address vlan vlan-id]
mac-address - Specifies a MAC address entry.
(Format: xx-xx-xx-xx-xx-xx)
vlan-id - ID of a configured VLAN (Range: 1-4093)