Purpose
Command or Action
switch# configure terminal
switch(config)#
Enables DHCP snooping on the VLANs specified by
vlan-list
. The
no
form of this command disables DHCP
snooping on the VLANs specified.
[
no
]
ip dhcp snooping vlan vlan-list
Example:
switch(config)# ip dhcp snooping vlan
100,200,250-252
Step 2
Displays the DHCP configuration.
(Optional)
show running-config dhcp
Example:
Step 3
switch(config)# show running-config dhcp
Copies the running configuration to the startup
configuration.
(Optional)
copy running-config startup-config
Example:
Step 4
switch(config)# copy running-config startup-config
Enabling or Disabling DHCP Snooping MAC Address Verification
You can enable or disable DHCP snooping MAC address verification. If the device receives a packet on an
untrusted interface and the source MAC address and the DHCP client hardware address do not match, address
verification causes the device to drop the packet. MAC address verification is enabled by default.
Before you begin
Make sure that the DHCP feature is enabled.
SUMMARY STEPS
1.
configure terminal
2.
[
no
]
ip dhcp snooping verify mac-address
3.
(Optional)
show running-config dhcp
4.
(Optional)
copy running-config startup-config
DETAILED STEPS
Purpose
Command or Action
Enters global configuration mode.
configure terminal
Example:
Step 1
switch# config t
switch(config)#
Enables DHCP snooping MAC address verification. The
no
form of this command disables MAC address
verification.
[
no
]
ip dhcp snooping verify mac-address
Example:
switch(config)# ip dhcp snooping verify mac-address
Step 2
Displays the DHCP configuration.
(Optional)
show running-config dhcp
Example:
Step 3
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
340
Configuring DHCP
Enabling or Disabling DHCP Snooping MAC Address Verification