19-DHCP Snooping Commands
Chapters Download (76.49 KB)
Table of Contents
1 DHCP Snooping Configuration Commands
DHCP Snooping Configuration Commands
dhcp-snooping information circuit-id format-type
dhcp-snooping information circuit-id string
dhcp-snooping information enable
dhcp-snooping information format
dhcp-snooping information remote-id format-type
dhcp-snooping information remote-id string
dhcp-snooping information strategy
display dhcp-snooping information
display dhcp-snooping packet statistics
reset dhcp-snooping packet statistics
The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
Syntax
dhcp-snooping
undo dhcp-snooping
View
System view
Default Level
2: System level
Parameters
None
Description
Use the dhcp-snooping command to enable DHCP snooping.
Use the undo dhcp-snooping command to disable DHCP snooping.
With DHCP snooping disabled, all ports can forward responses from any DHCP servers and does not record binding information about MAC addresses of DHCP clients and the obtained IP addresses.
By default, DHCP snooping is disabled.
Related commands: display dhcp-snooping.
Examples
# Enable DHCP snooping.
<Sysname> system-view
[Sysname] dhcp-snooping
Syntax
dhcp-snooping information circuit-id format-type { ascii | hex }
undo dhcp-snooping information circuit-id format-type
View
Layer 2 Ethernet port view, ONU port view
Default Level
2: System level
Parameters
ascii: Specifies the code type for the circuit ID sub-option as ascii.
hex: Specifies the code type for the circuit ID sub-option as hex.
Description
Use the dhcp-snooping information circuit-id format-type command to configure the code type for the non-user-defined circuit ID sub-option.
Use the undo dhcp-snooping information circuit-id format-type command to restore the default.
By default, the code type for the circuit ID sub-option depends on the padding format of Option 82. Each field has its own code type.
Note that:
This command applies to configuring the non-user-defined circuit ID sub-option only. After you configure the padding content for the circuit ID sub-option using the dhcp-snooping information circuit-id string command, ASCII is adopted as the code type.
Examples
# Configure the padding format for the non-user-defined circuit ID sub-option as ascii.
<Sysname> system-view
[Sysname] interface onu 1/0/1:1
[Sysname-onu 1/0/1:1] dhcp-snooping information circuit-id format-type ascii
Syntax
dhcp-snooping information [ vlan vlan-id ] circuit-id string circuit-id
undo dhcp-snooping information [ vlan vlan-id ] circuit-id string
View
Layer 2 Ethernet port view, ONU port view
Default Level
2: System level
Parameters
vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094.
circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters.
Description
Use the dhcp-snooping information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option.
Use the undo dhcp-snooping information circuit-id string command to restore the default.
By default, the padding content for the circuit ID sub-option depends on the padding format of Option 82.
Note that:
l After you configure the padding content for the circuit ID sub-option using this command, ASCII is adopted as the code type.
l If a VLAN is specified, the configured circuit ID sub-option only takes effect within the VLAN; if no VLAN is specified, the configured circuit ID sub-option takes effect in all VLANs. The former case has a higher priority; that is, the circuit ID sub-option specified for a VLAN will be padded for packets within the VLAN.
Related commands: dhcp-snooping information format.
Examples
# Configure the global padding content for the user-defined circuit ID sub-option as company001.
<Sysname> system-view
[Sysname] interface onu 1/0/1:1
[Sysname-onu 1/0/1:1] dhcp-snooping information circuit-id string company001
Syntax
dhcp-snooping information enable
undo dhcp-snooping information enable
View
Layer 2 Ethernet interface view, ONU port view
Default Level
2: System level
Parameters
None
Description
Use the dhcp-snooping information enable command to configure DHCP snooping to support Option 82.
Use the undo dhcp-snooping information enable command to disable this function.
By default, DHCP snooping does not support Option 82.
Examples
# Configure DHCP snooping to support Option 82.
<Sysname> system-view
[Sysname] interface Onu 1/0/1:1
[Sysname-Onu1/0/1:1] dhcp-snooping information enable
Syntax
In Layer 2 Ethernet interface view:
dhcp-snooping information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] }
undo dhcp-snooping information format [ verbose node-identifier ]
In ONU port view:
dhcp-snooping information format normal
undo dhcp-snooping information format
View
Layer 2 Ethernet interface view, ONU port view
Default Level
2: System level
Parameters
normal: Specifies the normal padding format.
verbose: Specifies the verbose padding format.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies access node identifier. By default, the node MAC address is used as the node identifier.
l mac indicates using MAC address as the node identifier.
l sysname indicates using the device name of a node as the node identifier.
l user-defined node-identifier indicates using a specified character string as the node identifier, in which node-identifier is a string of 1 to 50 characters.
Description
Use the dhcp-snooping information format command to specify the padding format for Option 82.
Use the undo dhcp-snooping information format command to restore the default.
By default, the padding format for Option 82 is normal.
Note that when you use the undo dhcp-snooping information format command, if the verbose node-identifier argument is not specified, the padding format will be restored to normal; if the verbose node-identifier argument is specified, the padding format will be restored to verbose with MAC address as the node identifier.
Examples
# Specify the padding format as verbose for Option 82.
[Sysname] interface GigabitEthernet 1/1/1
[Sysname-GigabitEthernet1/1/1] dhcp-snooping information enable
[Sysname-GigabitEthernet1/1/1] dhcp-snooping information strategy replace
[Sysname-GigabitEthernet1/1/1] dhcp-snooping information format verbose
Syntax
dhcp-snooping information remote-id format-type { ascii | hex }
undo dhcp-snooping information remote-id format-type
View
Layer 2 Ethernet port view, ONU port view
Default Level
2: System level
Parameters
ascii: Specifies the code type for the remote ID sub-option as ascii.
hex: Specifies the code type for the remote ID sub-option as hex.
Description
Use the dhcp-snooping information remote-id format-type command to configure the code type for the non-user-defined remote ID sub-option.
Use the undo dhcp-snooping information remote-id format-type command to restore the default.
By default, the code type for the remote ID sub-option is HEX.
Note that:
This command applies to configuring a non-user-defined remote ID sub-option only. After you configure the padding content for the remote ID sub-option using the dhcp-snooping information remote-id string command, ASCII is adopted as the code type.
Examples
# Configure the code type for the non-user-defined remote ID sub-option as ascii.
<Sysname> system-view
[Sysname] interface Onu 1/0/1:1
[Sysname-Onu1/0/1:1] dhcp-snooping information remote-id format-type ascii
Syntax
dhcp-snooping information [ vlan vlan-id ] remote-id string { remote-id | sysname }
undo dhcp-snooping information [ vlan vlan-id ] remote-id string
View
Layer 2 Ethernet port view, ONU port view
Default Level
2: System level
Parameters
vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094.
remote-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 1 to 63 characters.
sysname: Specifies the device name as the padding content for the remote ID sub-option.
Description
Use the dhcp-snooping information remote-id string command to configure the padding content for the user-defined remote ID sub-option.
Use the undo dhcp-snooping information remote-id string command to restore the default.
By default, the padding content for the remote ID sub-option depends on the padding format of Option 82.
Note that:
l After you configure the padding content for the remote ID sub-option using this command, ASCII is adopted as the code type.
l If a VLAN is specified, the configured remote ID sub-option only takes effect within the VLAN; if no VLAN is specified, the configured remote ID sub-option takes effect in all VLANs. The former case has a higher priority; that is, the remote ID sub-option configured for a VLAN will be padded for the packets within the VLAN.
Related commands: dhcp-snooping information format.
If you want to specify the character string sysname (a case-insensitive character string) as the padding content for the remote ID sub-option, you need to use quotation marks to make it take effect. For example, if you want to specify Sysname as the padding content for the remote ID sub-option, you need to enter the dhcp relay information remote-id string “Sysname” command.
Examples
# Configure the padding content for the remote ID sub-option as device001.
<Sysname> system-view
[Sysname] interface Onu 1/0/1:1
[Sysname-Onu1/0/1:1] dhcp-snooping information remote-id string device001
Syntax
dhcp-snooping information strategy { drop | keep | replace }
undo dhcp-snooping information strategy
View
Layer 2 Ethernet interface view, ONU port view
Default Level
2: System level
Parameters
drop: Drops the requesting message containing Option 82.
keep: Forwards the requesting message containing Option 82 without changing Option 82.
replace: Forwards the requesting message containing Option 82 after replacing the original Option 82 with the one padded in specified format.
Description
Use the dhcp-snooping information strategy command to configure the handling strategy for Option 82 in requesting messages.
Use the undo dhcp-snooping information strategy command to restore the default.
By default, the handling strategy for Option 82 in requesting messages is replace.
Examples
# Configure the handling strategy for Option 82 in requesting messages as keep.
<Sysname> system-view
[Sysname] interface Onu 1/0/1:1
[Sysname-Onu1/0/1:1] dhcp-snooping information strategy keep
Syntax
dhcp-snooping trust [ no-user-binding ]
undo dhcp-snooping trust
View
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Default Level
2: System level
Parameters
no-user-binding: Specifies the port not to record the clients’ IP-to-MAC bindings in DHCP requests it receives. The command without this keyword records the IP-to-MAC bindings of clients.
Description
Use the dhcp-snooping trust command to configure a port as a trusted port.
Use the undo dhcp-snooping trust command to restore the default state of a port.
All ports are untrusted by default.
After enabling DHCP snooping, you need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses.
Related commands: display dhcp-snooping trust.
Examples
# Specify GigabitEthernet 1/1/1 as a trusted port and enable it to record the IP-to-MAC bindings of clients.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/1/1
[Sysname-GigabitEthernet 1/1/1] dhcp-snooping trust
Syntax
display dhcp-snooping [ ip ip-address ]
View
Any view
Default Level
1: Monitor level
Parameters
ip ip-address: Displays the DHCP snooping IP-to-MAC binding corresponding to the specified IP address.
Description
Use the display dhcp-snooping command to display the IP-to-MAC bindings recorded by the DHCP snooping device.
Related commands: dhcp-snooping.
Using the display dhcp-snooping command displays IP-to-MAC bindings that are present both in the DHCP-ACK and DHCP-REQUEST messages.
Examples
# Display all IP-to-MAC bindings recorded by the DHCP snooping device.
<Sysname> display dhcp-snooping
DHCP Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Type IP Address MAC Address Lease VLAN Interface
==== =============== ============== ============ ==== =================
D 192.168.0.44 000d-56f5-759c 86333 1 Onu1/0/1:1
--- 1 dhcp-snooping item(s) found ---
Table 1-1 display dhcp snooping command output description
|
Field |
Description |
|
Type |
Binding type |
|
IP Address |
IP address assigned to the DHCP client |
|
MAC Address |
MAC address of the DHCP client |
|
Lease |
Lease period left (in seconds) |
|
VLAN |
VLAN where the port connecting the DHCP client resides |
|
Interface |
Port to which the DHCP client is connected |
Syntax
display dhcp-snooping information { all | interface interface-type interface-number }
View
Any view
Default Level
1: Monitor level
Parameters
all: Displays the Option 82 configuration information of all Layer 2 Ethernet interfaces.
interface interface-type interface-number: Displays the Option 82 configuration information of a specified interface.
Description
Use the display dhcp-snooping information command to display Option 82 configuration information on the DHCP snooping device.
Examples
# Display the Option 82 configuration information of all interfaces.
<Sysname> display dhcp-snooping information all
Interface: GigabitEthernet1/1/3
Status: Enable
Strategy: Replace
Format: Normal
Interface: Onu1/0/1:1
Status: Disable
Strategy: Keep
Format: Normal
Remote ID format-type: ASCII
User defined:
Remote ID: device001
Syntax
display dhcp-snooping packet statistics
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display dhcp-snooping packet statistics command to display DHCP packet statistics on the DHCP snooping device.
Examples
# Display DHCP packet statistics on the DHCP snooping device.
<Sysname> display dhcp-snooping packet statistics
DHCP packets received : 100
DHCP packets sent : 200
Packets dropped due to rate limitation : 20
Dropped invalid packets : 0
Syntax
display dhcp-snooping trust
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display dhcp-snooping trust command to display information about trusted ports.
Related commands: dhcp-snooping trust.
Examples
# Display information about trusted ports.
<Sysname> display dhcp-snooping trust
DHCP Snooping is enabled.
DHCP Snooping trust becomes active.
Interface Trusted
========================= ============
GigabitEthernet1/1/1 Trusted
The above output shows that DHCP snooping is enabled, DHCP snooping trust is active, and port GigabitEthernet1/1/1 is trusted.
Syntax
display onu-protocol [ dhcp-snooping information ]
View
ONU port view
Default Level
2: System level
Parameters
dhcp-snooping information: Displays the information about DHCP-Snooping Option82 supported by the ONU.
Description
Use the display onu-protocol command to display the information about DHCP-Snooping Option82 supported by an ONU that is in up state.
If no parameter is specified, the information about all the protocols that the ONU supports is displayed.
Examples
# Display the information about DHCP-Snooping Option 82 supported by the ONU.
<Sysname> system-view
[Sysname] interface onu 1/0/1:1
[Sysname-Onu1/0/1:1] display onu-protocol dhcp-snooping information
Protocol name: DHCP snooping information
Protocol status: enabled
Syntax
onu-protocol { dhcp-snooping | dhcp-snooping information } enable
undo onu-protocol { dhcp-snooping | dhcp-snooping information } enable
View
ONU port view
Default Level
2: System level
Parameters
dhcp-snooping: Enables DHCP-Snooping for the ONU.
dhcp-snooping information: Enables DHCP-Snooping Option82 for the ONU.
Description
Use the onu-protocol enable command to enable DHCP-Snooping, or DHCP-Snooping Option82 for the ONU.
Use the undo onu-protocol enable command to disable the specified feature(s).
By default,DHCP-Snooping,and DHCP-Snooping Option82 are disabled for the ONU.
Examples
# Enable DHCP snooping on the ONU.
<Sysname> system-view
[Sysname] interface onu 1/0/1:1
[Sysname-Onu1/0/1:1] onu-protocol dhcp-snooping enable
# Enable DHCP-Snooping Option82 on the ONU.
<Sysname> system-view
[Sysname] interface onu 1/0/1:1
[Sysname-Onu1/0/1:1] onu-protocol dhcp-snooping information enable
Syntax
reset dhcp-snooping { all | ip ip-address }
View
User view
Default Level
2: System level
Parameters
all: Clears all DHCP snooping binding information.
ip ip-address: Clears the DHCP snooping binding information of the specified IP address.
Description
Use the reset dhcp-snooping command to clear DHCP snooping binding information.
Examples
# Clear all DHCP binding information.
<Sysname> reset dhcp-snooping all
Syntax
reset dhcp-snooping packet statistics
View
User view
Default Level
2: System level
Parameters
None
Description
Use the reset dhcp-snooping packet statistics command to clear DHCP packet statistics on the DHCP snooping device.
Examples
# Clear DHCP packet statistics on the DHCP snooping device.
<Sysname> reset dhcp-snooping packet statistics
