DHCP Snooping database
- Jean-luc KRIKER
Owned by Jean-luc KRIKER
DHCP snooping database is shared with IP source guard and dynamic ARP inspection
| Understanding DHCP Snooping (ELS) | Link |
| DHCP Snooping | Link |
| Understanding IP Source Guard for Port Security on Switches | protection against IP spoofing ( forging/stealing) |
| Understanding and Using Dynamic ARP Inspection (DAI) | Link |
| DHCP Snooping database | against rogue dhcp server |
|---|---|
| default: | all access port untrusted all Trunk port trusted |
| not in the DB | traffic is blocked |
| Host with static IP@ | + add static Mac and IP@ under the dhcp-security group command |
| config dhcp snooping ( per vlan ) | set vlans Finance forwarding-options dhcp-security group DHCP-server overrides trusted set vlans Finance forwarding-options dhcp-security group DHCP-server interface ge-0/0/0.0 |
| overrides | Link |
| dhcp relay / add option-82 | circuit-id=interface(default), remote-id=Host Mac@(default) , vendor-id=juniper(default), pool , other options |
option-82 circuit-id prefix host-name >> circuit-id = "EX1:ge-0/0/x" | |
| by default dhcp snooping db lost after reboot | |
store into a file | set system processes dhcp-service dhcp-snooping-file snoop-dhcp.log |
| clear dhcp snooping database | |
clear dhcp-security binding clear dhcp-security binding ip-address 172.20.1.10 | |
| show commands | |
| show DHCP snooping datbase | show dhcp-security binding |