Users Guide

Remove a static DHCP snooping entry from the binding table in CONFIGURATION mode.
no ip dhcp snooping binding mac mac-address vlan vlan-id interface [ethernet slot/
port/sub-port | port-channel port-channel-id]
Example for removing static DHCP snooping entry in the binding table
OS10(config)# no ip dhcp snooping binding mac 00:04:96:70:8a:12 vlan 100 ip 100.1.1.2
interface ethernet 1/1/4
Clear dynamically-learned entries from DHCP snooping binding table
Use the following command in EXEC mode:
clear ip dhcp snooping binding [mac mac-address] [vlan vlan-id] [interface {ethernet
slot/port/sub-port | port-channel port-channel-id}]
CAUTION: Clearing the DHCP snooping binding table using the clear ip dhcp snooping binding
command also clears the Source Address Validation (SAV) and Dynamic ARP Inspection (DAI) entries on the
system. This affects the traffic from clients that are connected to the DHCP snooping-enabled VLANs.
Example for clearing dynamically-learned entries from DHCP snooping binding table
The following example clears all dynamic DHCP snooping binding entries that are associated with the MAC address
04:56:79:86:73:fe
OS10# clear ip dhcp snooping binding mac 04:56:79:86:73:fe
The following example clears all dynamic DHCP snooping binding entries that are associated with VLAN 100:
OS10# clear ip dhcp snooping binding vlan 100
The following example clears all the dynamic DHCP snooping binding entries that are associated with VLAN 100 with MAC
address 04:56:79:86:73:fe on port-channel 10:
OS10# clear ip dhcp snooping binding mac 04:56:79:86:73:fe vlan 100 port-channel 10
View contents of DHCP binding table
Use the following command in EXEC mode:
show ip dhcp snooping binding [vlan vlan-name]
Example for viewing contents of DHCP binding table
OS10# show ip dhcp snooping binding
Codes : S - Static D Dynamic
IPv4 Address MAC Address Expires(Sec) Type VLAN Interface
=========================================================================
10.1.1.22 11:22:11:22:11:22 120331 S 100 ethernet1/1/4
33.1.1.44 11:22:11:22:11:23 120331 S 200 port-channel100
103.1.1.5 11:22:11:22:11:24 120331 D 300 ethernet1/1/5:4
DHCP snooping examples
DHCP snooping in a simple layer 2 network
This example uses a simple topology with a DHCP snooping switch and a DHCP server. A DHCP client is connected to the
snooping switch and a rogue DHCP server attempts to pose as a legitimate DHCP server. With a configuration similar to the
following, the DHCP snooping switch drops packets from the rogue DHCP server which is connected to an untrusted interface.
302
System management