
Enabling DHCP Snooping (CLI Procedure)

DHCP snooping allows the switch to monitor and control DHCP messages received from untrusted devices connected to the EX Series switch. It builds and maintains a database of valid IP-address/MAC-address (IP-MAC) bindings called the DHCP snooping database.

You configure DHCP snooping for each VLAN, not for each interface (port). By default, DHCP snooping is disabled for all VLANs.

    To enable DHCP snooping on a VLAN or all VLANs by using the CLI:

    • On a specific VLAN (here, the VLAN is default):

      [edit ethernet-switching-options secure-access-port]
      user@switch# set vlan default examine-dhcp
    • On all VLANs:

      [edit ethernet-switching-options secure-access-port]
      user@switch# set vlan all examine-dhcp

    Tip: By default, the IP-MAC bindings are lost when the switch is rebooted and DHCP clients (the network devices, or hosts) must reacquire bindings. However, you can configure the bindings to persist by setting the dhcp-snooping-file statement to store the database file either locally or remotely.

    Tip: For private VLANs (PVLANs), enable DHCP snooping on the primary VLAN. If you enable DHCP snooping only on a community VLAN, DHCP messages coming from PVLAN trunk ports are not snooped.
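
An added example, not part of the original documentation: a short Python audit that reads `show configuration | display set` output and reports VLANs without `examine-dhcp`, community VLANs that are snooped while their primary VLAN is not (the PVLAN case in the tip above), and whether `dhcp-snooping-file` is configured. The sample configuration, VLAN names and function name are constructed for illustration, and the script assumes community VLANs are declared with `primary-vlan`.

```python
import re

# Constructed `show configuration | display set` excerpt (not from a real switch).
SAMPLE_CONFIG = """\
set vlans default vlan-id 1
set vlans voice vlan-id 20
set vlans pvlan vlan-id 100
set vlans finance-comm vlan-id 101
set vlans finance-comm primary-vlan pvlan
set ethernet-switching-options secure-access-port vlan default examine-dhcp
set ethernet-switching-options secure-access-port vlan finance-comm examine-dhcp
"""

SAP = "set ethernet-switching-options secure-access-port "


def audit_dhcp_snooping(config_text):
    """Report VLANs without DHCP snooping, PVLAN gaps, and persistence."""
    vlans, primary_of, snooped = set(), {}, set()
    persistent = False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"set vlans (\S+)(?: (.*))?$", line)
        if m:
            name, rest = m.group(1), (m.group(2) or "").split()
            vlans.add(name)
            # Assumption: community VLANs name their primary with `primary-vlan`.
            if len(rest) == 2 and rest[0] == "primary-vlan":
                primary_of[name] = rest[1]
        elif line.startswith(SAP):
            rest = line[len(SAP):].split()
            if len(rest) == 3 and rest[0] == "vlan" and rest[2] == "examine-dhcp":
                snooped.add(rest[1])
            elif rest[:1] == ["dhcp-snooping-file"]:
                persistent = True
    if "all" in snooped:          # `vlan all` covers every configured VLAN
        snooped |= vlans
    return {
        "unprotected": sorted(vlans - snooped),
        # Snooping on a community VLAN only: PVLAN trunk traffic is not snooped.
        "pvlan_gaps": sorted(c for c, p in primary_of.items()
                             if c in snooped and p not in snooped),
        "bindings_persist": persistent,
    }


if __name__ == "__main__":
    print(audit_dhcp_snooping(SAMPLE_CONFIG))
```
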


      Published: 2009-09-24
