Configuring DHCP Snooping


DHCP snooping builds a binding table that records the IP address, the MAC address, and the port number of each DHCP client. DHCP snooping is disabled by default. The steps below explain how to enable DHCP snooping and how to configure the DHCP snooping binding file, the trust port (ports are untrusted by default), and the timeout.

Procedure

Step 1.   Enable the DHCP snooping function (set disable to false).

       set protocols dhcp snooping disable {true | false}

Step 2.   Configure DHCP snooping on a VLAN.

       set protocols dhcp snooping vlan {<vlan-id> | all}

NOTE:

DHCP snooping must be enabled in the VLAN. It takes effect only on DHCP messages received from interfaces that belong to this VLAN.

Step 3.   Configure the interface connected to the DHCP server as the DHCP snooping trusted interface.

       set protocols dhcp snooping port <interface-name> trust {true | false}

NOTE:

  • By default the port is untrusted.
  • When DHCP snooping is enabled in a VLAN without a trust interface configured, the DHCP packets received from the DHCP server in this VLAN will be dropped.
  • DHCP Discover/Request packets can be forwarded through the trust port only.
  • Only the trust port can receive DHCP Offer/Ack packets.
  • DHCP Offer/Ack packets will be discarded if there is no corresponding host entry in the DHCP snooping binding table.
  • DHCP packets received from the trust port that do not belong to this VLAN will not be processed by DHCP snooping; they will be processed and forwarded as ordinary packets.

Step 4.   (Optional) Configure the DHCP snooping binding file and the timeout value.

       set protocols dhcp snooping binding file <file> 
       set protocols dhcp snooping binding timeout <time>

Configuration example

Networking Requirements

    • Configure the ge-1/1/1 interface and ge-1/1/2 interface to VLAN 2.
    • Enable DHCP snooping on VLAN 2 and configure the interface connected to the DHCP server as the DHCP snooping trusted interface.

 


Procedure

Step 1.   Configure VLAN.

       admin@XorPlus# set vlans vlan-id 2
       admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2
       admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 2

Step 2.   Enable the DHCP snooping function.

       admin@XorPlus# set protocols dhcp snooping disable false

Step 3.   Configure DHCP snooping on VLAN 2.

       admin@XorPlus# set protocols dhcp snooping vlan 2

Step 4.   Configure the interface connected to the DHCP server as the DHCP snooping trusted interface.

       admin@XorPlus# set protocols dhcp snooping port ge-1/1/2 trust true

Step 5.   (Optional) Configure /tmp/run/dhcp_bind as the DHCP snooping binding file and set the timeout value to 8.

      admin@XorPlus# set protocols dhcp snooping binding file /tmp/run/dhcp_bind
      admin@XorPlus# set protocols dhcp snooping binding timeout 8

Step 6.  Commit the configuration.

      admin@XorPlus# commit

Step 7.  Verify the configuration.

  • After the configuration is complete, run the show protocols dhcp snooping command to view the configuration of DHCP snooping.

      admin@Xorplus# show protocols dhcp snooping
      snooping {
          disable: false
      }

  • Run the run show dhcp snooping command to view the DHCP snooping binding table.

      admin@XorPlus# run show dhcp snooping
      Total count: 1
      MAC Address        IP Address    Port      VLAN ID  VLAN Interface
      -----------------  ------------  --------  -------  --------------
      00:1d:09:fa:a1:b4  192.168.1.10  ge-1/1/1  2

     The VLAN Interface column has a value only when DHCP relay is configured on the VLAN interface; otherwise the value is null.
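
The following offline check is an added example, not part of the vendor documentation. It reads a list of `set` commands before commit and reports the cases called out in the notes above: snooping left disabled, no VLAN configured, or a snooped VLAN with no trusted port in it. The function name `audit_dhcp_snooping` is hypothetical, and VLAN membership is assumed to come only from `native-vlan-id` lines.

```python
import re

# Constructed sample: the `set` lines from the configuration example on this page.
SAMPLE_CONFIG = """\
set vlans vlan-id 2
set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2
set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 2
set protocols dhcp snooping disable false
set protocols dhcp snooping vlan 2
set protocols dhcp snooping port ge-1/1/2 trust true
"""

def audit_dhcp_snooping(config_text):
    """Return a list of findings for the DHCP snooping rules stated in the notes."""
    enabled = False      # snooping is disabled by default
    snoop_vlans = set()  # VLAN ids (or "all") with snooping configured
    trusted = set()      # ports are untrusted by default
    native_vlan = {}     # interface name -> native VLAN id

    for raw in config_text.splitlines():
        line = re.sub(r"^\S+@\S+#\s*", "", raw.strip())  # drop a CLI prompt if present
        if m := re.fullmatch(r"set protocols dhcp snooping disable (true|false)", line):
            enabled = m.group(1) == "false"
        elif m := re.fullmatch(r"set protocols dhcp snooping vlan (\d+|all)", line):
            snoop_vlans.add(m.group(1))
        elif m := re.fullmatch(r"set protocols dhcp snooping port (\S+) trust (true|false)", line):
            (trusted.add if m.group(2) == "true" else trusted.discard)(m.group(1))
        elif m := re.fullmatch(r"set interface gigabit-ethernet (\S+) family ethernet-switching native-vlan-id (\d+)", line):
            native_vlan[m.group(1)] = m.group(2)

    findings = []
    if not enabled:
        findings.append("snooping is disabled (default); set 'disable false'")
    if not snoop_vlans:
        findings.append("no VLAN has DHCP snooping configured")
    for vlan in sorted(snoop_vlans):
        # Assumption: membership is modelled from native-vlan-id lines only.
        ok = bool(trusted) if vlan == "all" else any(native_vlan.get(p) == vlan for p in trusted)
        if not ok:
            findings.append(f"VLAN {vlan}: no trusted port in this VLAN; DHCP server packets will be dropped")
    return findings
```
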

 

Copyright © 2025 Pica8 Inc. All Rights Reserved.