OcNOS DC : System Management Guide : Security Management Command Reference : DHCP Snooping Commands
DHCP Snooping Commands
This chapter describe the commands for DHCP snooping.
debug ip dhcp snooping
Use this command to enable the debugging DHCP snooping.
Use the no parameter to disable the debug options.
Command Syntax
debug ip dhcp snooping (event|rx|tx|packet|all)
no debug ip dhcp snooping (event|rx|tx|packet|all)
Parameters
event
Enable event debugging
rx
Enable receive debugging
tx
Enable transmit debugging
packet
Enable packet debugging
all
Enable all debugging
Default
By default all debugging options are disabled.
Command Mode
Exec mode and configure mode
Applicability
This command was introduced in OcNOS version 5.0.
Example
#debug ip dhcp snooping all
#no debug ip dhcp snooping packet
ip dhcp snooping binding bridge
Use this command to create a static DHCP snooping entry.
Use the no form of this command to delete the snoop entry created.
Command Syntax
ip dhcp snooping binding bridge <1-32> <XXXX.XXXX.XXXX> <1-4094> < ipv4> < A.B.C.D> <IFNAME>
no ip dhcp snooping binding bridge <1-32> <XXXX.XXXX.XXXX> <1-4094> < ipv4>
ip dhcp snooping binding bridge <1-32> <XXXX.XXXX.XXXX> <1-4094> < ipv6> < X:X::X:X > <IFNAME>
no ip dhcp snooping binding bridge <1-32> <XXXX.XXXX.XXXX> <1-4094> < ipv6>
Parameters
<1-32>
Bridge number
XXXX.XXXX.XXXX
MAC address in HHHH.HHHH.HHHH format
<1-4094>
VLAN ID
ipv4
IPv4 protocol
ipv6
IPv6 protocol
A.B.C.D
IPv4 address type
X:X::X:X
IPv6 Address
Default
None
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 5.0.
Example
OcNOS(config)#ip dhcp snooping binding bridge 1 0000.0000.0001 10 ipv4 10.1.1.1 ce1
OcNOS(config)#comm
OcNOS(config)#ip dhcp snooping binding bridge 1 0000.0000.0002 10 ipv6 1000::2 ce1
OcNOS(config)#comm
OcNOS(config)#end
OcNOS#show ip dhcp snooping binding bridge 1
 
Total number of static IPV4 entries : 1
Total number of dynamic IPV4 entries : 0
Total number of static IPV6 entries : 1
Total number of dynamic IPV6 entries : 0
 
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- ------------------
0000.0000.0001 10.1.1.1 0 static 10 ce1
0000.0000.0002 1000::2 0 static 10 ce1
 
OcNOS#
cNOS(config)#no ip dhcp snooping binding bridge 1 0000.0000.0001 10 ipv4
 
ip dhcp snooping database
Use this command to write the entries in the binding table to persistent storage.
Command Syntax
ip dhcp snooping database bridge <1-32>
Parameters
<1-32>
Bridge number
Default
No default value is specified.
Command Mode
Privileged Exec Mode and Exec mode
Applicability
This command was introduced in OcNOS version 5.0.
Example
#ip dhcp snooping database bridge 1
 
 
 
renew ip dhcp snooping binding database
Use this command to populate the binding table by fetching the binding entries from persistent storage.
Command Syntax
renew ip dhcp snooping (source|) binding database bridge <1-32>
Parameters
<1-32>
Bridge number
source
IP source guard
Default
No default value is specified.
Command Mode
Privileged Exec Mode and Exec mode
Applicability
This command was introduced in OcNOS version 5.0.
Example
#renew ip dhcp snooping binding database bridge 1
 
show debugging ip dhcp snooping
Use this command to display the enabled debugging options.
Command Syntax
show debugging ip dhcp snooping
Parameters
None
Command Mode
Privileged Exec Mode and Exec mode
Applicability
This command was introduced in OcNOS version 5.0.
Example
#show debugging ip dhcp snooping
DHCP snoop debugging status:
DHCP snoop event debugging is on
DHCP snoop tx debugging is on
show ip dhcp snooping arp-inspection statistics bridge
Use this command to show dhcp dynamic ARP inspection related statistics on bridge.
Command Syntax
show ip dhcp snooping arp-inspection statistics bridge <1-32>
Parameters
<1-32>
Bridge number.
Command Mode
Exec mode
Applicability
This command was introduced in OcNOS version 5.0.
Examples
#show ip dhcp snooping arp-inspection statistics bridge 1
 
bridge forwarded dai dropped
------ --------- -----------
1 9 1
Table P‑3-1 explains the fields in the output.
Table 3-1: show ip dhcp snooping arp-inspection statistics bridge fields 
Field
Description
bridge
Bridge number.
forwarded
Number of forwarded packets.
dai dropped
Number of dropped packets.
 
show ip dhcp snooping bridge
Use this command to display the DHCP configuration, including trusted ports, configured VLAN, active VLAN, and strict validation status.
Command Syntax
show ip dhcp snooping bridge <1-32>
Parameters
<1-32>
Bridge number
Command Mode
Exec mode
Applicability
This command was introduced in OcNOS version 5.0.
Example
#show ip dhcp snooping bridge 1
 
Bridge Group : 1
DHCP snooping is : Enabled
DHCP snooping option82 is : Disabled
Verification of hwaddr field is : Disabled
Strict validation of DHCP packet is : Disabled
DB Write Interval(secs) : 300
DHCP snooping is configured on following VLANs : 20,30
DHCP snooping is operational on following VLANs : 20,30
 
DHCP snooping trust is configured on the following Interfaces
 
Interface Trusted
--------------- -------
xe1 Yes
 
DHCP snooping IP Source Guard is configured on the following Interfaces
 
Interface Source Guard
--------------- ------------
Table P‑3-2 explains the fields in the output.
Table 3-2: show ip dhcp snooping bridge fields 
Field
Description
Bridge Group
Bridge number
DHCP snooping is
Whether DHCP snooping is enabled
DHCP snooping option82 is
Whether DHCP snooping option 82 is enabled
Verification of hwaddr field is
Whether verification of hwaddr field is enabled
Strict validation of DHCP packet is
Whether strict validation of DHCP packets is enabled
DB Write Interval(secs)
Database write interval in seconds
DHCP snooping is configured on following VLANs
VLANs on which DHCP snooping is enabled
DHCP snooping is operational on following VLANs
VLANs on which DHCP snooping is operating
Interface
Interface name
Trusted
Whether DHCP snooping trust is enabled on the interface
Source Guard
Whether DHCP snooping IP source guard is enabled on the interface
 
show ip dhcp snooping binding bridge
Use this command to display the DHCP snooping binding table.
Command Syntax
show ip dhcp snooping binding bridge <1-32>
Parameters
<1-32>
Bridge number
Command Mode
Exec mode
Applicability
This command was introduced in OcNOS version 5.0.
Example
#show ip dhcp snooping binding bridge 1
 
Total number of static IPV4 entries : 0
Total number of dynamic IPV4 entries : 2
Total number of static IPV6 entries : 0
Total number of dynamic IPV6 entries : 0
 
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------
3cfd.fe0b.06e0 12.12.12.10 30 dhcp-snooping 20 xe12
 
3cfd.fe0b.06e0 30.30.30.30 480 dhcp-snooping 30 xe12
 
 
Table P‑3-3 explains the output .
Table 3-3: show ip dhcp snooping binding bridge fields
Field
Description
Total number of static IPV4 entries
Number of static IPV4 entries.
Total number of dynamic IPV4 entries
Number of dynamic IPV4 entries.
Total number of static IPV6 entries
Number of static IPV6 entries.
Total number of dynamic IPV6 entries
Number of dynamic IPV6 entries .
MacAddress
MAC address of the interface.
IP Address
IP address of the peer device.
Lease (sec)
DHCP lease time in seconds provided to untrusted IP addresses.
Type
Configured either statically or dynamically by the DHCP server.
VLAN
Identifier of the number.
Interface
Interface is being snooped.