Users Guide
ip dhcp snooping trust
Configures an interface as trusted in a DHCP snooping enabled VLAN.
Syntax
ip dhcp snooping trust
Parameters None
Defaults Untrusted
Command Mode INTERFACE
Usage
Information
This command configures a physical or port channel interface as trusted. By default all physical and port
channel interfaces in the DHCP snooping enabled VLAN are untrusted. You can configure a DHCP server-
facing physical or port channel interface as trusted. The system permits DHCP server packets only if they
ingress through a trusted interface. If the system receives DHCP packets on an untrusted interface, it
interprets the device that is connected to the untrusted interface as rogue DHCP server and drops the
packet.
The no version of this command resets the interface to untrusted.
Example
OS10(conf-if-eth1/1/33)# ip dhcp snooping trust
Supported
Releases
10.5.0 or later
ip dhcp snooping verify mac-address
Enables DHCPv4 source MAC address validation
Syntax
ip dhcp snooping verify mac-address
Parameters
None
Defaults Disabled
Command Mode CONFIGURATION
Usage
Information
This command enables DHCPv4 source MAC address validation to validate the source hardware address
of a DHCP packet against the client hardware address field (CHADDR) in the DHCP payload.
Example
OS10(config)# ip dhcp snooping verify mac-address
Supported
Releases
10.5.0 or later
show ip arp inspection database
Displays the contents of the DAI database.
Syntax
show ip arp inspection database
Parameters
None
Defaults None
Command Mode EXEC
Usage
Information
This command displays the list of snooped hosts from which ARP packets were processed.
Example
OS10# show ip arp inspection database
Number of entries : 3
Address Hardware Address Interface VLAN
System management 343