beautypg.com

Service dhcp-snooping, Service, Service dhcp – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1462: Service dhcp-snooping command, Service dhcp-snooping command on

background image

DHCP Snooping Commands

Software Reference for x310 Series Switches

56.24

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

service dhcp-snooping

Use this command to enable the DHCP snooping service globally on the switch. This must
be enabled before other DHCP snooping configuration commands can be entered.

Use the no variant of this command to disable the DHCP snooping service on the switch.
This removes all DHCP snooping configuration from the running configuration, except for
any DHCP snooping maximum bindings settings (

ip dhcp snooping max-bindings

command on page 56.18

)

, and any DHCP snooping-based Access Control Lists (ACLs),

which are retained when the service is disabled.

Syntax

service dhcp-snooping

no service dhcp-snooping

Default

DHCP snooping is disabled on the switch by default.

Mode

Global Configuration

Usage

For DHCP snooping to operate on a VLAN, it must be enabled on the switch by using this
command, and also enabled on the particular VLAN by using the

ip dhcp snooping

command on page 56.9

.

For DHCP snooping to operate on a VLAN, it must:

be enabled globally on the switch by using this command

be enabled on the particular VLAN by using the

ip dhcp snooping command on

page 56.9

have at least one port connected to a DHCP server configured as a trusted port by
using the

ip dhcp snooping trust command on page 56.20

If you disable the DHCP snooping service by using the no variant of this command, all
DHCP snooping configuration (including ARP security, but excluding maximum bindings
and ACLs) is removed from the running configuration, and the DHCP snooping database is
deleted from active memory. If you re-enable the service, the switch:

repopulates the DHCP snooping database from the dynamic lease entries in the
database backup file (in NVS by default—see the

ip dhcp snooping database

command on page 56.15

). The lease expiry times are updated.

The DHCP snooping service cannot be enabled on a switch that is configured with any of
the following features, or vice versa:

web authentication (

auth-web enable command on page 43.33

)

roaming authentication (

auth roaming enable command on page 43.17

,

auth

roaming disconnected command on page 43.15

)

guest VLAN authentication (

auth guest-vlan command on page 43.8

).

DHCP relay agent option (

ip dhcp-relay agent-option command on page 64.10

)

Any ACLs on a port that permit traffic matching DHCP snooping entries and block other
traffic, will block all traffic if DHCP snooping is disabled on the port. If you disable DHCP
snooping on the switch using this command, you must also remove any DHCP snooping
ACLs from the ports to maintain connectivity (

no

access-group command on page 34.4

).

See also other documents in the category Allied Telesis Computer hardware: