DHCP snooping verify question

Andy White
Level 3

Hello,

I've just connected to a switch and it has DHCP snooping, which I've configured before. Here is the config:

ip dhcp snooping vlan 1

no ip dhcp snooping information option

no ip dhcp snooping verify mac

ip dhcp snooping

What I don't understand is what the command "no ip dhcp snooping verify mac" is on there for?

Why would we use this?

Thanks

4 Replies

Reza Sharifi
Hall of Fame

Hi,

From the config guide:

You can enable or disable DHCP snooping MAC address verification. If the device receives a packet on an untrusted interface and the source MAC address and the DHCP client hardware address do not match, address verification causes the device to drop the packet.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_dhcpsnoop.html#wp1102732

HTH
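
The check quoted from the config guide above, sketched in Python as an added example (not part of the original thread and not Cisco's implementation): it compares the Ethernet source MAC of a client DHCP frame with the client hardware address (chaddr) inside the DHCP payload. The function names, the constructed sample frames and the result labels are assumptions made for illustration.

```python
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie

def build_dhcp_frame(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample: untagged Ethernet + IPv4 + UDP + minimal DHCPDISCOVER."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000)
    bootp += bytes(16)                    # ciaddr, yiaddr, siaddr, giaddr
    bootp += chaddr.ljust(16, b"\x00")    # chaddr is a fixed 16-byte field
    bootp += bytes(192) + MAGIC           # sname + file, then the cookie
    bootp += bytes([53, 1, 1, 255])       # option 53 = DISCOVER, end option
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                     0, bytes(4), b"\xff" * 4)  # checksums left 0, not checked here
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp

def verify_mac(frame: bytes) -> str:
    """Classify a frame seen on an untrusted port (labels are illustrative)."""
    # Assumption: untagged IPv4 frames only; 42 = Ethernet + min IP + UDP header.
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return "not-dhcp"
    src_mac = frame[6:12]
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:
        return "not-dhcp"
    udp = 14 + ihl
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        return "not-dhcp"                 # only client-to-server DHCP is checked
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        return "malformed"
    htype, hlen = bootp[1], bootp[2]
    if htype != 1 or hlen != 6:           # expect Ethernet, 6-byte address
        return "malformed"
    chaddr = bootp[28:28 + hlen]
    # The comparison the config guide describes: mismatch means drop.
    return "forward" if chaddr == src_mac else "drop"

if __name__ == "__main__":
    nic = bytes.fromhex("001122334455")   # constructed addresses
    print(verify_mac(build_dhcp_frame(nic, nic)))
    print(verify_mac(build_dhcp_frame(nic, bytes.fromhex("deadbeef0001"))))
```
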

What is the default?

By default, it is enabled.

so,

no ip dhcp snooping verify mac

will disable it.

HTH

So, having it turned off, what verification is it doing? It seems to me it's as if it is turned off with that command, as it isn't verifying the source MAC address against the DHCP snooping database?