[an error occurred while processing this directive] [an error occurred while processing this directive]

examine-dhcp

Syntax

(examine-dhcp | no-examine-dhcp);

Hierarchy Level

[edit ethernet-switching-options secure-access-port vlan (all | vlan-name)]

Release Information

Statement introduced in JUNOS Release 9.0 for EX Series switches.

Description

Enable DHCP snooping on all VLANs or on the specified VLAN.

  • examine-dhcp—Enable DHCP snooping.
  • no-examine-dhcp—Disable DHCP snooping.

When DHCP snooping is enabled, the switch logs DHCP packets (DHCPOFFER, DHCPDECLINE, DHCPACK, and DHCPNAK packets) that it receives on untrusted ports. You can monitor the log for these messages, which can signal the presence of a malicious DHCP server on the network.

Tip: For Private VLANs (PVLANs), enable DHCP snooping on the primary VLAN. If you enable DHCP snooping only on a community VLAN, DHCP messages coming from PVLAN trunk ports are not snooped.

Default

Disabled.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.


Published: 2009-09-24

[an error occurred while processing this directive]