C
OMMAND
L
INE
I
NTERFACE
4-274
Command Usage
• An untrusted interface is an interface that is configured to receive
messages from outside the network or firewall. A trusted interface is
an interface that is configured to receive only messages from within
the network.
• When DHCP snooping enabled globally using the
ip dhcp snooping
command (page 4-270), and enabled on a VLAN with this command,
DHCP packet filtering will be performed on any untrusted ports
within the VLAN according to the default status, or as specifically
configured for an interface with the no
ip dhcp snooping trust
command.
• When an untrusted port is changed to a trusted port, all the dynamic
DHCP snooping bindings associated with this port are removed.
• Additional considerations when the switch itself is a DHCP client –
The port(s) through which it submits a client request to the DHCP
server must be configured as trusted.
Example
This example sets port 5 to untrusted.
Related Commands
ip dhcp snooping (4 -270)
ip dhcp snooping vlan (4 -272)
ip dhcp snooping verify mac-address
This command verifies the client’s hardware address stored in the DHCP
packet against the source MAC address in the Ethernet header. Use the
no
form to disable this function.
Syntax
[no] ip dhcp snooping verify mac-address
Default Setting
Enabled
Console(config)#interface ethernet 1/5
Console(config-if)#no ip dhcp snooping trust
Console(config-if)#
Содержание 6128L2
Страница 2: ......
Страница 21: ...CONTENTS xvii Glossary Index ...
Страница 22: ...CONTENTS xviii ...
Страница 26: ...TABLES xxii ...
Страница 40: ...INTRODUCTION 1 10 ...
Страница 54: ...INITIAL CONFIGURATION 2 14 ...
Страница 193: ...PORT CONFIGURATION 3 139 Figure 3 61 Displaying Etherlike and RMON Statistics ...
Страница 257: ...QUALITY OF SERVICE 3 203 Figure 3 90 Configuring Policy Maps ...
Страница 313: ...COMMAND GROUPS 4 13 PE Privileged Exec VC VLAN Database Configuration ...
Страница 592: ...TROUBLESHOOTING B 4 ...
Страница 605: ......