Statement introduced in JUNOS Release 9.0 for EX Series switches.
Enable DHCP snooping on all VLANs or on the specified VLAN.
- examine-dhcp—Enable DHCP snooping.
- no-examine-dhcp—Disable DHCP snooping.
When DHCP snooping is enabled, the switch logs DHCP packets (DHCPOFFER, DHCPDECLINE, DHCPACK, and DHCPNAK packets) that it receives on untrusted ports. You can monitor the log for these messages, which can signal the presence of a malicious DHCP server on the network.
Tip: For Private VLANs (PVLANs), enable DHCP snooping on the primary VLAN. If you enable DHCP snooping only on a community VLAN, DHCP messages coming from PVLAN trunk ports are not snooped.
Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.