Download pdf - DHCP Commands - Cisco - Global Home Page...dhcp ipv4 none TodisableDHCPsnoopingonaspecificport,usethedhcpipv4nonecommandinl2vpnbridgegroup bridge-domaininterfaceconfigurationmode

DHCP Commands

This chapter describes the Cisco IOS XR software commands used to configure and monitor Dynamic HostConfiguration Protocol (DHCP) features on Cisco ASR 9000 Series Aggregation Services Routers.

For detailed information about DHCP concepts, configuration tasks, and examples, refer to theCisco ASR 9000 Series Aggregation Services Router Addresses and Services Configuration Guide.

• clear dhcp ipv4 snoop binding, page 2

• dhcp ipv4, page 3

• dhcp ipv4 none, page 4

• giaddr policy, page 5

• helper-address, page 7

• profile (VRRP), page 9

• relay information check, page 12

• relay information option, page 14

• relay information option allow-untrusted, page 16

• relay information policy, page 18

• show dhcp ipv4 relay profile, page 20

• show dhcp ipv4 relay profile name, page 21

• show dhcp ipv4 relay statistics, page 22

• show dhcp ipv4 snoop binding, page 24

• show dhcp ipv4 snoop statistics, page 26

• trusted, page 28

• vrf (relay profile), page 30

Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference, Release 4.0

OL-23232-02 1

clear dhcp ipv4 snoop bindingTo clear snoop bindings, use the clear dhcp ipv4 snoop binding command in EXEC mode.

clear dhcp ipv4 snoop binding [bridge-domain name] [mac-address mac-address]

Syntax Description (Optional) Clears DHCP snoop bindings for a specific bridge domain.bridge-domain

(Optional) Bridge domain namename

(Optional) Clears DHCP snoop bindings for a specified MAC address.mac-address

(Optional) MAC address.mac-address

Command Default Clears all snoop bindings.

Command Modes EXEC

Command History ModificationRelease

This command was introduced.Release 3.7.2

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper taskIDs. If you suspect user group assignment is preventing you from using a command, contact your AAAadministrator for assistance.

Task ID OperationsTask ID

read, writeip-services

Examples The following is an example of the clear dhcp snoop binding command removing binding for bridge domainISP1:

RP/0/RSP0/CPU0:router# clear dhcp ipv4 snoop binding bridge-domain ISP1

Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference, Release4.0

2 OL-23232-02

DHCP Commandsclear dhcp ipv4 snoop binding

dhcp ipv4To enable Dynamic Host Configuration Protocol (DHCP) for IPv4 and to enter DHCP IPv4 configurationmode, use the dhcp ipv4 command in global configuration mode. To disable DHCP for IPv4 and exit theDHCP IPv4 configuration mode, use the no form of this command.

dhcp ipv4

no dhcp ipv4

Syntax Description This command has no arguments or keywords.

Command Modes No default behavior or values

Command Modes Global configuration



Usage Guidelines Use the dhcp ipv4 command to enter DHCP IPv4 configuration mode.



Examples The following example shows how to enable DHCP for IPv4:

RP/0/RSP0/CPU0:router# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)#

Related Commands DescriptionCommand

Specifies a relay profile on an interface.interface (relay profile)

Configures a relay profile for the DHCP IPv4component.

profile (VRRP), page 9

Specifies a relay profile on a VRF.vrf (relay profile), page 30


OL-23232-02 3

DHCP Commandsdhcp ipv4

dhcp ipv4 noneTo disable DHCP snooping on a specific port, use the dhcp ipv4 none command in l2vpn bridge groupbridge-domain interface configuration mode.

dhcp ipv4 none


Command Default No default behavior or values

Command Modes l2vpn bridge group bridge-domain interface configuration






Examples The following example shows how to disable DHCP snooping on GigabitEthernet interface 0/0/0/0:

RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface gigabitethernet 0/0/0/0RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-if)# dhcp ipv4 none


Displays DHCP relay agent status specific to a relayprofile.

show dhcp ipv4 snoop binding, page 24


4 OL-23232-02

DHCP Commandsdhcp ipv4 none

giaddr policyTo configure how Dynamic Host Configuration Protocol (DHCP) IPv4 Relay processes BOOTREQUESTpackets that already contain a nonzero giaddr attribute, use the giaddr policy command in DHCP IPv4 profilerelay configuration submode. To restore the default giaddr policy, use the no form of this command.

giaddr policy {replace| drop}

no giaddr policy {replace| drop}

Syntax Description Replaces the existing giaddr value with a value that it generates.replace

Drops the packet that has an existing nonzero giaddr value.drop

Command Default DHCP IPv4 relay retains the existing nonzero giaddr value in the DHCP IPv4 packet received from a clientvalue .

Command Modes DHCP IPv4 profile relay configuration



Usage Guidelines The giaddr policy command affects only the packets that are received from a DHCP IPv4 client that have anonzero giaddr attribute.



Examples The following example shows how to use the giaddr policy command:

RP/0/RSP0/CPU0:router# configRP/0/RSP0/CPU0:router(config)# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relayRP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# giaddr policy drop


OL-23232-02 5

DHCP Commandsgiaddr policy


Enables DHCP for IPv4 and enters DHCP IPv4configuration mode.

dhcp ipv4, page 3

Configures the DHCP relay agent to relay packets toa specific DHCP Server.

helper-address, page 7




Configures a DHCP server to validate the relay agentinformation option in forwarded BOOTREPLYmessages.

relay information check, page 12

Enables the system to insert a DHCP relay agentinformation option in forwarded BOOTREQUESTmessages to a DHCP server.

relay information option, page 14

Configures the DHCP component to not dropBOOTREQUEST messages that have the relayinformation option set and the giaddr set to zero.

relay information option allow-untrusted, page 16

Configures how a relay agent processesBOOTREQUEST messages that already contain arelay information option.

relay information policy, page 18


6 OL-23232-02

DHCP Commandsgiaddr policy

helper-addressTo configure the Dynamic Host Configuration Protocol (DHCP) IPv4 relay agent to relay BOOTREQUESTpackets to a specific DHCP server, use the helper-address command in the DHCP IPv4 profile relayconfiguration submode. Use the no form of this command to clear the address. Up to eight helper addressescan be configured.

helper-address [vrf vrf-name ] [address]

helper-address [vrf vrf-name ] [address]

Syntax Description (Optional) Specifies a particular VRF.vrf - vrf vrf name

IPv4 IP address in four part, dotted decimal format.address

Command Default Helper address is not configured.

Command Modes DHCP IPv4 profile relay configuration






Examples The following example shows how to set the helper-address for a VRF using the helper-address command:

RP/0/RSP0/CPU0:router# configRP/0/RSP0/CPU0:router(config)# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relayRP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# helper-address vrf v1 10.10.10.1


OL-23232-02 7

DHCP Commandshelper-address


Enables Dynamic Host Configuration Protocol(DHCP) for IPv4 and enters DHCP IPv4 configurationmode.

dhcp ipv4, page 3

Configures how a relay agent processesBOOTREQUEST messages that already contain anonzero giaddr attribute.

giaddr policy, page 5














8 OL-23232-02

DHCP Commandshelper-address

profile (VRRP)To configure a DHCP relay profile or a DHCP snooping profile for the Dynamic Host Configuration Protocol(DHCP) IPv4 component and to enter the profile mode, use the profile command in DHCP IPv4 configurationmode. To disable this feature and exit the profile mode, use the no form of this command.

profile name{relay | snoop}

noprofile name{relay | snoop}

Syntax Description Name that uniquely identifies the relay or snoop profile.profile-name

Configures a DHCP relay profile. A DHCP relay agent is a host that forwards DHCP packetsbetween clients and servers. When the clients and servers are not on the same physical subnet,the relay agents are used to forward requests and replies between them.

relay

A DHCP relay agent is any host that forwards DHCP packets between clients and servers.Relay agents are used to forward requests and replies between clients and servers when theyare not on the same physical subnet. Relay agent forwarding is distinct from the normalforwarding of an IP router, where IP datagrams are switched between networks rathertransparently. By contrast, relay agents receive DHCPmessages and then generate a newDHCPmessage to send out on another interface. The relay agent sets the gateway IP address (giaddrfield of the DHCP packet) and, if configured, adds the relay agent information option (option82)in the packet and forwards it to the DHCP server. The reply from the server is forwarded backto the client after removing option 82.

The Cisco IOS DHCP relay agent supports the use of unnumbered interfaces, including use ofsmart relay agent forwarding. For DHCP clients connected through the unnumbered interfaces,the DHCP relay agent automatically adds a static host route once the DHCP client obtains anaddress, specifying the unnumbered interface as the outbound interface. The route isautomatically removed once the lease time expires or when the client releases the address.

Configures a DHCP snoop profile. DHCP snooping is a DHCP security feature that providessecurity by filtering untrusted DHCP messages and by building and maintaining a DHCPsnooping binding table.

snoop

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCPmessages and by building and maintaining a DHCP snooping binding table. An untrustedmessage is a message that is received from outside the network or firewall and that can causetraffic attacks within your network.

The DHCP snooping binding table contains the MAC address, IP address, lease time, bindingtype, VLAN number, and interface information that corresponds to the local untrusted interfacesof a switch. It does not contain information regarding hosts interconnected with a trustedinterface. An untrusted interface is an interface that is configured to receive messages fromoutside the network or firewall. A trusted interface is an interface that is configured to receiveonly messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also givesyou a way to differentiate between untrusted interfaces connected to the end-user and trustedinterfaces connected to the DHCP server or another switch.


OL-23232-02 9

DHCP Commandsprofile (VRRP)


Command Modes DHCP IPv4 configuration






Examples The following example shows how to use the profile command for a relay profile:

RP/0/RSP0/CPU0:router(config)# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay


Enters DHCP IPv4 configuration mode.dhcp ipv4, page 3



Configures the DHCP relay agent to relay packets toa specific DHCP server.








10 OL-23232-02


DescriptionCommand







OL-23232-02 11


relay information checkTo configure a DynamicHost Configuration Protocol (DHCP) IPv4 Relay to validate the relay agent informationoption in forwarded BOOTREPLY messages, use the relay information check command in DHCP IPv4relay profile configuration submode. To disable this feature, use the no form of this command.

relay information check

no relay information check


Command Default DHCP validates the relay agent information option.

Command Modes DHCP IPv4 relay profile configuration






read, writebasic-services

Examples The following example shows how to use the relay information check command:RP/0/RSP0RP/0/RSP0/CPU0:router#configRP/0/RSP0/CPU0:router(config)# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relayRP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information check


Configures a relay agent to only broadcast DHCPIPv4 BOOTREPLYmessages to a client, if the DHCPIPv4 broadcast flag is set in the DHCP IPv4 header.

broadcast-flag policy check


12 OL-23232-02

DHCP Commandsrelay information check

DescriptionCommand


dhcp ipv4, page 3















OL-23232-02 13

DHCP Commandsrelay information check

relay information optionTo configure Dynamic Host Configuration Protocol (DHCP) IPv4 relay or DHCP snooping Relay to insertrelay agent information option in forwarded BOOTREQUEST messages to a DHCP server, use the relayinformation option command in DHCP IPv4 relay profile relay configuration or DHCP IPv4 profile snoopsubmode. To disable inserting relay information into forwarded BOOTREQUEST messages, use the no formof this command.

relay information option

no relay information option



Command Modes DHCP IPv4 relay profile relay configuration

DHCP IPv4 profile snoop configuration



Usage Guidelines The relay information option command automatically adds the circuit identifier suboption and the remoteID suboption to the DHCP relay agent information option.

The relay information option command enables a DHCP server to identify the user (for example, cableaccess router) sending the request and initiate appropriate action based on this information. By default, DHCPdoes not insert relay information.

If the information option command is enabled, DHCP snooping mode does not set the giaddr field in theDHCP packet.

The upstream DHCP server or DHCP relay interface must be configured to accept this type of packet usingthe relay information option allow-untrusted configuration. This configuration prevents the server or relayfrom dropping the DHCP message.





14 OL-23232-02

DHCP Commandsrelay information option

Examples The following example shows how to use the relay information option command:

RP/0/RSP0/CPU0:router# configRP/0/RSP0/CPU0:router(config)# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relayRP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option





dhcp ipv4, page 3











Configures how a relay agent processesBOOTREQUEST messages that already containarelay information option.




OL-23232-02 15

DHCP Commandsrelay information option

relay information option allow-untrustedTo configure the Dynamic Host Configuration Protocol (DHCP) IPv4 relay or DHCP snooping Relay notto drop discard BOOTREQUEST packets that have the relay information option set and the giaddr set tozero, use the relay information option allow-untrusted command in DHCP IPv4 relay profile configurationsubmode or DHCP IPv4 profile snoop configuration submode . . To restore the default behavior, which isto discard the BOOTREQUEST packets that have the relay information option and set the giaddr set tozero, use the no form of this command.

relay information option allow-untrusted

no relay information option allow-untrusted


Command Default The packet is dropped if the relay information is set and the giaddr is set to zero.

Command Modes DHCP IPv4 relay profile relay configuration

DHCP IPv4 profile snoop configuration




According to RFC 3046, relay agents (and servers) receiving a DHCP packet from an untrusted circuit withgiaddr set to zero but with a relay agent information option already present in the packet shall discard thepacket and increment an error count. This configuration prevents the server or relay from dropping the DHCPmessage.




Examples The following example shows how to use the relay information option allow-untrusted command:

RP/0/RSP0/CPU0:router# configRP/0/RSP0/CPU0:router(config)# dhcp ipv4


16 OL-23232-02

DHCP Commandsrelay information option allow-untrusted

RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relayRP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option allow-untrusted





dhcp ipv4, page 3











Configures how a relay agent processesBOOTREQUEST messages that already containarelay information option.




OL-23232-02 17

DHCP Commandsrelay information option allow-untrusted

relay information policyTo configure how the Dynamic Host Configuration Protocol (DHCP) IPv4 relay Relay processesBOOTREQUEST packets that already contain a relay information option, use the relay information policycommand in DHCP IPv4 profile relay profile configuration submode. To restore the default relay informationpolicy, use the no form of this command.

relay information policy {drop| keep}

no relay information policy {drop| keep}

Syntax Description Directs the DHCP IPv4 Relay to discard BOOTPREQUEST packets with the existingrelay information option.

drop

Directs the DHCP IPv4 Relay not to discard a BOOTPREQUEST packet that is receivedwith an existing relay information option and to keep the existing relay information optionvalue.

keep

Command Default The DHCP IPv4 Relay does not discard a BOOTPREQUEST packet that has an existing relay informationoption. The option and the existing relay information option value is replaced.

Command Modes DHCP IPv4 relay profile configuration







Examples The following is an example of the relay information policy command:

RP/0/RSP0/CPU0:router# configRP/0/RSP0/CPU0:router(config)# dhcp ipv4


18 OL-23232-02

DHCP Commandsrelay information policy

RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relayRP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information policy keep





dhcp ipv4, page 3
















OL-23232-02 19

DHCP Commandsrelay information policy

show dhcp ipv4 relay profileTo display Dynamic Host Configuration Protocol (DHCP) relay agent status, use the show dhcp ipv4 relayprofile command in EXEC mode.

show dhcp ipv4 relay profile



Command Modes EXEC




This command displays the relay profiles created for DHCP IPv4.


readip-services

Examples The following is sample output from the show dhcp ipv4 relay profile command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay profile

DHCP IPv4 Relay Profiles--------------------------r1r2


Displays Dynamic Host Configuration Protocol(DHCP) relay agent status, specific to a relay profile.

show dhcp ipv4 relay profile name, page 21


20 OL-23232-02

DHCP Commandsshow dhcp ipv4 relay profile

show dhcp ipv4 relay profile nameTo display Dynamic Host Configuration Protocol (DHCP) relay agent status, specific to a relay profile, usethe show dhcp ipv4 relay profile name command in EXEC mode.

show dhcp ipv4 relay profile [name]

Syntax Description (Optional) Name that uniquely identifies the relay profile.name

Command Default If name is not specified, displays a list of configured DHCP profile names.

No default behavior or values

Command Modes EXEC





readip-services

Examples The following is sample output from the show dhcp ipv4 relay profile name command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay profile name r1

DHCP IPv4 Relay Profile r1:

Helper Addresses:10.10.10.1, vrf defaultInformation Option: DisabledInformation Option Allow Untrusted: DisabledInformation Option Policy: ReplaceInformation Option Check: DisabledGiaddr Policy: KeepBroadcast-flag Policy: Ignore

VRF References:defaultInterface References:FINT0_RSP1_CPU0MgmtEth0_RSP1_CPU0_0


OL-23232-02 21

DHCP Commandsshow dhcp ipv4 relay profile name

show dhcp ipv4 relay statisticsTo display the Dynamic Host Configuration Protocol (DHCP) IPv4 relay agent packet statistics informationfor VPN routing and forwarding (VRF) instances, use the show dhcp ipv4 relay statistics command in EXECmode.

show dhcp [vrf {vrf-name| default}] ipv4 relay statistics

Syntax Description (Optional) Name that uniquely identifies the VRF.vrf vrf-name

(Optional) Displays the relay statistics information for the default VRF.default


Command Modes EXEC



ID=TaskID_CR

To use this command, you must be in a user group associated with a task group that includes the proper taskIDs. If you suspect user group assignment is preventing you from using a command, contact your AAAadministrator for assistance.


readip-services

Examples The following is sample output from the show dhcp ipv4 relay statistics command when none of the optionalkeywords or arguments are used command :

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay statistics

Bridge | RX | TX | DR |---------------------------------------------------------------------------------------default | 0 | 0 | 0 |


22 OL-23232-02

DHCP Commandsshow dhcp ipv4 relay statistics

The following is sample output from the show dhcp ipv4 relay statistics command using the vrf and defaultkeywords:

RP/0/RSP0/CPU0:router# show dhcp vrf default ipv4 relay statisticsSun Apr 6 07:10:35.873 UTC

DHCP IPv4 Relay Statistics for VRF default:

TYPE | RECEIVE | TRANSMIT | DROP |-------------------------------------------------------------------DISCOVER | 0 | 0 | 0 |OFFER | 0 | 0 | 0 |REQUEST | 0 | 0 | 0 |DECLINE | 0 | 0 | 0 |ACK | 0 | 0 | 0 |NAK | 0 | 0 | 0 |RELEASE | 0 | 0 | 0 |INFORM | 0 | 0 | 0 |LEASEQUERY | 0 | 0 | 0 |LEASEUNASSIGNED | 0 | 0 | 0 |LEASEUNKNOWN | 0 | 0 | 0 |LEASEACTIVE | 0 | 0 | 0 |BOOTP-REQUEST | 0 | 0 | 0 |BOOTP-REPLY | 0 | 0 | 0 |BOOTP-INVALID | 0 | 0 | 0 |


OL-23232-02 23

DHCP Commandsshow dhcp ipv4 relay statistics

show dhcp ipv4 snoop bindingTo show information concerningDHCP snooping bindings, use the show dhcp ipv4 snoop binding commandin EXEC mode.

show dhcp ipv4 snoop binding [mac-address mac-address| summary]

Syntax Description (Optional) Displays the details of DHCP snooping client bindingsassociated with the specified MAC address.

mac-address mac- address

(Optional) displays the total number of DHCP snooping client bindings.summary

Command Default Displays brief information about all DHCP snooping client bindings

Command Modes EXEC





readip-services

Examples The following example shows output from the dhcp ipv4 snoop binding command for all MAC addresses:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop bindingSun Apr 6 05:58:07.741 UTC

MAC IP Lease BridgeAddress Address State Remaining Interface Domain-------------- --------------- ---------- ---------- -------------------------------- ---------0000.6402.0102 192.128.0.1 BOUND 2499 Gi0/2/0/20.111 mgmtEth0000.6402.0103 192.128.0.2 BOUND 2499 Gi0/2/0/20.111 mgmtEth0000.6402.0104 192.128.0.3 BOUND 2499 Gi0/2/0/20.111 mgmtEth0000.6402.0105 192.128.0.4 BOUND 2499 Gi0/2/0/20.111 mgmtEth0000.6402.0106 192.128.0.5 BOUND 2499 Gi0/2/0/20.111 mgmtEth0000.6402.0107 192.128.0.6 BOUND 2499 Gi0/2/0/20.111 mgmtEth0000.6402.0108 192.128.0.7 BOUND 2499 Gi0/2/0/20.111 mgmtEth0000.6402.0109 192.128.0.8 BOUND 2499 Gi0/2/0/20.111 mgm:mhd0000.6402.010a 192.128.0.9 BOUND 2499 Gi0/2/0/20.111 mgm:mhd


24 OL-23232-02

DHCP Commandsshow dhcp ipv4 snoop binding

0000.6402.010b 192.128.0.10 BOUND 2499 Gi0/2/0/20.111 mgm:mhd

The following example shows output from the dhcp ipv4 snoop binding command using the optional summarykeyword:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding summarySun Apr 6 06:45:03.878 UTC

Number of IPv4 DHCP Snoop bindings: 10The following example shows output from the dhcp ipv4 snoop binding command using a specific MACaddress:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding mac-address 0000.6402.0102Sun Apr 6 06:45:03.878 UTC

MAC Address: 0000.6402.0102IP Address: 192.128.0.1Client ID: 0064Profile: s1State: BOUNDLease (sec): 3600

Remaining (sec): 2833Bridge Domain: mgm:mhdInterface: GigabitEthernet0/2/0/10.111


Clears DHCP snooping bindings.clear dhcp ipv4 snoop binding, page 2

Displays statistics for a specific bridge-domain.show dhcp ipv4 snoop statistics, page 26


OL-23232-02 25

DHCP Commandsshow dhcp ipv4 snoop binding

show dhcp ipv4 snoop statisticsTo display statistics for a specific bridge domain, use the show dhcp ipv4 snoop statistics command in EXECmode.

show dhcp ipv4 snoop statistics [bridge-domain bridge-domain-name]

Syntax Description (Optional) Specifies a specific bridge-domain.bridge-domain bridge-domain- name

Command Default Displays a table of DHCP snooping receive (RX), transmit (TX), and drop (DR) packet statistics for eachbridge domain.

Command Modes EXEC



Usage Guidelines To use this command, you must be in a user group associated with a task group that incoudes the proper taskIDs. If you suspect user group assignment is preventing you from using a command, contact your AAAadministrator for assistance.


readip-services

Examples The following shows output from the show dhcp ipv4 snoop statistics command, showing a table of DHCPsnooping RX, TX, and DR packet statistics for each bridge domain:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop statisticsSun Apr 6 05:55:57.524 UTC

Bridge | RX | TX | DR |------------------------------------------------------------------------------------------------mgm:mhd | 964 | 964 | 0 |

The following shows output from the show dhcp ipv4 snoop statistics command, showing a table of DHCPsnooping RX, Tx, and Drop packet statistics for a specific bridge domain:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop statistics bridge-domain mgm:mhdSun Apr 6 05:57:03.600 UTC

DNCP IPv4 Snoop Statistics for Bridge mgm:mhd:


26 OL-23232-02

DHCP Commandsshow dhcp ipv4 snoop statistics

TYPE | RECEIVE | TRANSMIT | DROP |-------------------------------------------------------------------DISCOVER | 111 | 111 | 0 |OFFER | 111 | 111 | 0 |REQUEST | 371 | 371 | 0 |DECLINE | 0 | 0 | 0 |ACK | 371 | 371 | 0 |NAK | 0 | 0 | 0 |RELEASE | 0 | 0 | 0 |INFORM | 0 | 0 | 0 |LEASEQUERY | 0 | 0 | 0 |LEASEUNASSIGNED | 0 | 0 | 0 |LEASEUNKNOWN | 0 | 0 | 0 |LEASACTIVE | 0 | 0 | 0 |BOOTP-REQUEST | 0 | 0 | 0 |BOOTP-REPLY | 0 | 0 | 0 |BOOTP-INVALID | 0 | 0 | 0 |


Displays DHCP snooping client bindings.show dhcp ipv6 binding

Displays details of a specific DHCP snooping profile.show dhcp ipv4 snoop binding, page 24


OL-23232-02 27

DHCP Commandsshow dhcp ipv4 snoop statistics

trustedTo configure a DHCP snooping profile to supported trusted sources, use the trusted command in DCHP IPv4Profile Snoop configuration mode. To restore the interface to the default behavior, us the no form of thecommand.

trusted

no trusted

Command Default By default, the DHCP snooping profile is for untrusted sources.

Command Modes DHCP IPv4 Snoop Profile configuration mode




A bridge port can be configured to be trusted by assigning this DHCP snooping profile to a bridge port or abridge-domain.

DHCP snooping selectively forwards DHCPDISCOVER andDHCPREQUESTmessages to trusted interfacesonly, thereby preventing often malicious hosts from seeing the DHCP exchanges.


readip-services

Examples The following example shows how to configure the snoop profile named trustedServerProfile to be trusted:

RP/0/RSP0/CPU0:router# configureRP/0/RSP0/CPU0:router(config)# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)# profile trestedServerProfile snoopRP/0/RSP0/CPU0:router(config-dhcpv4-snoop-profile)# trusted


Configures aDHCPRelay or DHCPSnooping profile.pool (DHCP IPv6)


28 OL-23232-02

DHCP Commandstrusted

DescriptionCommand

Allows the insertion of a DHCP relay agentinformation option in forwarded BOOTREQUESTmessages on a DHCP server.


Configures the DHCP component to not dropBOOTREQUEST messages that have the relayinformation option set and giaddr set to zero.



OL-23232-02 29

DHCP Commandstrusted

vrf (relay profile)To configure a relay profile on a VPN routing and forwarding (VRF) instance, use the vrf (relay profile)command in Dynamic Host Configuration Protocol (DHCP) IPv4 configuration mode. To disable this feature,use the no form of this command.

vrf {vrf-name relay profile-name| default| all}

novrf {vrf-name relay profile-name| default| all}

Syntax Description User-defined name for the VRF.vrf-name

Specifies a relay profile.relay

Specifies a name for the relay profile.profile-name

Specifies a profile for the default VRF.default

Specifies a profile for all VRFsall

Command Default If default is selected, then the configuration defaults to VRF.

Command Modes DHCP IPv4 configuration






Examples The following example shows how to set the relay profile for all VRFs:

RP/0/RSP0/CPU0:router# configRP/0/RSP0/CPU0:router(config)# dhcp ipv4RP/0/RSP0/CPU0:router(config-dhcpv4)# vrf all


30 OL-23232-02

DHCP Commandsvrf (relay profile)



dhcp ipv4, page 3
















OL-23232-02 31



32 OL-23232-02
