Skip to content
AsterNOS
Ask AI

DHCP Snooping Configuration

show dhcp snooping config

Section titled “show dhcp snooping config”

[Command] show dhcp snooping config

[Purpose] View DHCP snooping related configuration status

[View] System view

[Use Cases]

sonic# show dhcp snooping config
GLOBAL MODE V4 : enable
GLOBAL MODE V6 : enable
GLOBAL SNP MAX NUMBER :
GLOBAL LEASE TIME : 172800
+-------------+----------------+-----------+------------------+
| Interface   | dhcp_snooping  | Trusted   | Snp Max Number   |
+=============+================+===========+==================+
| Ethernet50  | enable         | true      |                  |
+-------------+----------------+-----------+------------------+
| Vlan800     | enable         |           |                  |
+-------------+----------------+-----------+------------------+
| Vlan400     | enable         |           |                  |
+-------------+----------------+-----------+------------------+
| Ethernet49  | enable         | true      |                  |
+-------------+----------------+-----------+------------------+

show snooping table

Section titled “show snooping table”

[Command] show snooping table

[Purpose] View all snooping table entry details

[View] System view

[Notes] Snooping table entries include those learned by DHCP Snooping and ND Snooping. When this feature is enabled, the device can sync snooping table entries from other devices configured as neighbors, ensuring consistency across the network.

[Use Cases]

sonic# show snooping table
+---------+--------------------+-------------+------------+-----------+-----------------+-------------+-------+
| vlan    | smac               | sip         | lease_time | interface | time-stamp      | switch_id   | flag  |
+=========+====================+=============+============+===========+=================+=============+=======+
| Vlan400 | 3c:22:fb:55:a0:99  | 30.11.64.21 | 7200       | N/A       | 1478434670738451| 30.11.0.89  | remote|
+---------+--------------------+-------------+------------+-----------+-----------------+-------------+------ +
| Vlan400 | 72:fe:15:7e:42:4f  | 30.11.64.18 | 6000       | N/A       | 1478433013541307| 30.11.0.84  | local |
+---------+--------------------+-------------+------------+-----------+-----------------+-------------+-------+

Description of the

ItemDescription
VLANVLAN to which the entry belongs
SMACTerminal MAC address
SIPTerminal IP address
lease timeAging time of the entry
interfacePhysical interface where the terminal is located
time-stampTimestamp when the entry was learned, for internal system use
switch_idIP address of the loopback interface of the device to which the terminal is currently connected
flagIdentifier for the device to which the terminal is currently connected. If it is the local device, it is labeled as local, and if it’s another device within the cluster, it is labeled as remote.

[Command] show snooping count

[Purpose] View the number of snooping table entries

[View] System view

[Use Cases]

sonic# show snooping count
total_v4_counter=10
local_v4_counter=3
remote_v4_counter=7
total_v6_counter=43
local_v6_counter=10
remote_v6_counter=33

show snooping status

Section titled “show snooping status”

[Command] show snooping status

[Purpose] View snooping table entry synchronization status

[View] System view

[Use Cases]

sonic# show snooping status
Switch ID : 30.11.0.84
Source IP address :30.11.0.84
Coherent Status : yes
Sequence Number : 1362
Device Mode : client
Neighbors Status Summary :
------------------------------neighbors----------------------------------
Switch ID    Active   Sequence Number     Connect_active_number
30.11.0.80    yes       1362          6
30.11.0.81    yes       1362          6

Description of the

ItemDescription
Coherent StatusWhether the current table entry is the latest synchronization status yes Synchronization completed no To be updated
ActiveConnection status between device and neighbor yes Connection is normal no Connection exception
Sequence NumberNumber of table entry synchronization between device and neighbors
Connect_active_numberNumber of clients that need to establish connections with neighbor devices

snp-sync enable {client|server}

Section titled “snp-sync enable {client|server}”

[Command] snp-sync enable {client|server} [ switch_id ] no snp-sync enable

[Purpose] Configure the synchronization properties of the device and enable DHCP Snooping synchronization function

[Parameter]

ParameterDescription
clientThe device directly connected to the DHCP client (client device) will synchronize all learned snooping entries to the server device, and also synchronize the snooping entries that other clients have synchronized to the server.
serverNon-directly connected devices (to DHCP clients) receive all snooping entries synchronized from client devices
switch_idDevice IP, typically the loopback0 IP address of the device, used to uniquely identify a device

[View] System configuration view

[Use Cases]

sonic# configure terminal
sonic(config)# snp-sync enable client 192.168.2.2

snp-sync neighbor

Section titled “snp-sync neighbor”

[Command] snp-sync neighbor A.B.C.D / A::B no snp-sync neighbor A.B.C.D / A::B

[Purpose] Add the IP address of the device that needs to synchronize snooping table entries

[Parameter]

ParameterDescription
A.B.C.D / A::BThe configured switch_id of the device to be connected

[View] System configuration view

[Notes] For the server to establish connection with the client, please make sure that BGP neighbors have been established between the devices that need to synchronize snooping table entries, switch-id three layers can be reached.

[Use Cases]

sonic(config)# snp-sync neighbor 192.168.3.2

snp-sync peer

Section titled “snp-sync peer”

[Command] snp-sync peer A.B.C.D|A::B no snp-sync peer A.B.C.D|A::B

[Purpose] Add the IP address of the device that needs to synchronize snooping table entries

[Parameter]

ParameterDescription
A.B.C.D / A::BThe configured switch_id of the device to be connected

[View] System configuration view

[Notes] Configure this command on the server device to establish a connection between the server and the server. Make sure that BGP neighbors have been established between the devices that need to synchronize snooping table entries, switch-id three-layer reachable.

[Use Cases]

sonic(config)# snp-sync peer 192.168.3.2

dhcp snooping enable {v4|v6}

Section titled “dhcp snooping enable {v4|v6}”

[Command] dhcp snooping enable {v4|v6} no dhcp snooping enable

[Purpose] Enable DHCP snooping function

[Parameter]

ParameterDescription
v4|v6Enable DHCP Snooping function of IPv4 of IPv6

[View] System configuration view

[Notes] After enabling the global DHCP snooping function, user also need to enable the DHCP snooping function under the interface and VLAN view. This function should be used in combination with DHCP Relay.

[Use Cases]

sonic(config)# dhcp snooping enable v4
sonic(config)# interface ethernet 1
sonic(config-if-1)# dhcp snooping enable

dhcp-snooping trusted

Section titled “dhcp-snooping trusted”

[Command] dhcp-snooping trusted no dhcp-snooping trusted

[Purpose] Configure the interface to a trusted state

[View] Interface view, VLAN view

[Usage Scenario] The trusted port forwards the received DHCP packets normally and learns the DHCP Snooping table entries through the DHCP ACK and DHCP OFFER packets responded by the DHCP server, usually the interface directly or indirectly connected to the DHCP server trusted by the administrator is set as the trusted port, and other port devices are untrusted ports. Physical ports, VLAN interfaces, and link aggregation ports can all be configured in trust mode.

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# dhcp snooping trusted

dhcp-snooping enable

Section titled “dhcp-snooping enable”

[Command] dhcp-snooping enable no dhcp-snooping enable

[Purpose] Enable the interface DHCP snooping function

[View] Interface view, VLAN view

[Use Cases]

sonic(config)# interface ethernet 1
sonic(config-if-1)# dhcp-snooping enable