OcNOS-RON-6.3.1 : System Management Guide : System Management Configuration Guide : DHCP Snooping IP Source Guard : Configuration
Configuration
 
#configure terminal
Enter configure mode.
(config)#bridge 1 protocol ieee vlan-bridge
Create IEEE VLAN bridge 1.
(config)#vlan 2 bridge 1 state enable
Create VLAN 2.
(config)#ip dhcp snooping bridge 1
Configure DHCP snooping for bridge 1.
(config)#ip dhcp snooping information option bridge 1
Configure the DHCP snooping information option (option 82).
(config)#ip dhcp snooping ratelimit 0 bridge 1
Configure the DHCP snooping rate limit. The default value is 100.
(config)#ip dhcp snooping vlan 2 bridge 1
Configure DHCP snooping for VLAN 2 on bridge 1.
(config)#ip dhcp snooping verify mac-address bridge 1
Configure DHCP snooping MAC address verification.
(config)#interface xe2
Enter interface mode.
(config-if)#switchport
Configure the interface as Layer 2.
(config-if)#bridge-group 1
Associate the interface with bridge group 1.
(config-if)#switchport mode access
Set the Layer 2 interface to access mode. (It can also be trunk mode.)
(config-if)#switchport access vlan 2
Set the default VLAN for the interface.
(config-if)#ip dhcp snooping trust
Configure the interface as trusted. This is configured on the interface that is connected to the server side.
(config-if)#exit
Exit interface mode.
(config)#interface xe1
Enter interface mode.
(config-if)#switchport
Configure the interface as Layer 2.
(config-if)#bridge-group 1
Associate the interface with bridge group 1.
(config-if)#switchport mode access
Set the Layer 2 interface to access mode. (It can also be trunk mode.)
(config-if)#switchport access vlan 2
Set the default VLAN for the interface.
(config-if)#ip verify source dhcp-snooping-vlan
Configure IP source guard at the interface level. This is configured on the interface that is connected to the client side.
(config-if)#ip verify source access-group mode merge
Merge the IPSG policy with other ACLs.
(config-if)#exit
Exit interface mode.
(config)#ip dhcp snooping binding bridge 1 0011.1111.2222 2 ipv4 1.1.1.1 xe1
Configure an IPv4 static entry for DHCP snooping, with the MAC address and source address, for the configured interface and VLAN.
(config)#ip dhcp snooping binding bridge 1 0022.2222.3333 2 ipv6 3ffe::1 xe1
Configure an IPv6 static entry for DHCP snooping, with the MAC address and source address, for the configured interface and VLAN.
(config)#exit
Exit config mode.
#clear ip dhcp snooping binding bridge 1
Clear the DHCP binding table entries that were learned dynamically.
Validation
Verify that DHCP snooping is enabled on the bridge:
 
#sh ip dhcp snooping bridge 1
Bridge Group : 1
DHCP snooping is : Enabled
DHCP snooping option82 is : Enabled
Verification of hwaddr field is : Enabled
Rate limit (pps) : 0
DHCP snooping is configured on following VLANs : 2
DHCP snooping is operational on following VLANs : 2
DHCP snooping trust is configured on the following Interfaces
Interface Trusted
--------------- -------
xe2 Yes
DHCP snooping IP Source Guard is configured on the following Interfaces
Interface Source Guard
--------------- ------------
xe1 Yes
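The validation output above can also be checked mechanically, so that a change in trust or source guard state is caught on the next audit. The following Python sketch is an added example, not part of the OcNOS documentation: it parses the output shown above and compares it with the intended design (server-facing port trusted, client-facing port under source guard). The function names `parse_snooping` and `audit` are hypothetical, and the handling of more than one VLAN in the list is an assumption.

```python
import re

# Validation output copied from this page (show ip dhcp snooping bridge 1).
SAMPLE = """\
Bridge Group : 1
DHCP snooping is : Enabled
DHCP snooping option82 is : Enabled
Verification of hwaddr field is : Enabled
Rate limit (pps) : 0
DHCP snooping is configured on following VLANs : 2
DHCP snooping is operational on following VLANs : 2
DHCP snooping trust is configured on the following Interfaces
Interface Trusted
--------------- -------
xe2 Yes
DHCP snooping IP Source Guard is configured on the following Interfaces
Interface Source Guard
--------------- ------------
xe1 Yes
"""

def parse_snooping(text):
    """Split the show output into key/value fields and two interface sets."""
    state = {"fields": {}, "trusted": set(), "source_guard": set()}
    section = None
    for line in map(str.strip, text.splitlines()):
        if "trust is configured" in line:
            section = "trusted"
        elif "IP Source Guard is configured" in line:
            section = "source_guard"
        elif " : " in line:
            key, value = line.split(" : ", 1)
            state["fields"][key.strip()] = value.strip()
        elif section and (m := re.fullmatch(r"(\S+)\s+Yes", line)):
            state[section].add(m.group(1))
    return state

def audit(state, server_ports, client_ports, vlans):
    """Return findings; an empty list means the output matches the intent."""
    f = state["fields"]
    checks = ("DHCP snooping is", "Verification of hwaddr field is")
    findings = [f"'{k}' not Enabled" for k in checks if f.get(k) != "Enabled"]
    # Assumption: several VLANs would be separated by commas or spaces.
    active = set(re.split(r"[,\s]+", f.get("DHCP snooping is operational on following VLANs", "")))
    findings += [f"VLAN {v} not operational" for v in sorted(vlans - active)]
    findings += [f"unexpected trusted port {p}" for p in sorted(state["trusted"] - server_ports)]
    findings += [f"server port {p} not trusted" for p in sorted(server_ports - state["trusted"])]
    findings += [f"client port {p} lacks source guard" for p in sorted(client_ports - state["source_guard"])]
    return findings
```

For the configuration on this page, `audit(parse_snooping(SAMPLE), {"xe2"}, {"xe1"}, {"2"})` returns an empty list.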
 
Last modified date: 07-14-2023