Command Line Reference
Security Configuration
DHCP Snooping Configuration
14 min
dhcp snooping configuration dhcp snooping configuration show dhcp snooping config show dhcp snooping config \[command] show dhcp snooping config \[purpose] view dhcp snooping related configuration status \[view] system view \[use cases] sonic# show dhcp snooping config global mode v4 enable global mode v6 enable global snp max number global lease time 172800 + + + + + \| interface | dhcp snooping | trusted | snp max number | +=============+================+===========+==================+ \| ethernet50 | enable | true | | + + + + + \| vlan800 | enable | | | + + + + + \| vlan400 | enable | | | + + + + + \| ethernet49 | enable | true | | + + + + + show snooping table show snooping table \[command] show snooping table \[purpose] view all snooping table entry details \[view] system view \[notes] snooping table entries include those learned by dhcp snooping and nd snooping when this feature is enabled, the device can sync snooping table entries from other devices configured as neighbors, ensuring consistency across the network \[use cases] sonic# show snooping table + + + + + + + + + \| vlan | smac | sip | lease time | interface | time stamp | switch id | flag | +========+====================+=============+===========+===========+==================+============+=======+ \| vlan400 | 3c 22\ fb 55\ a0 99 | 30 11 64 21 | 7200 | n/a | 1478434670738451 | 30 11 0 89 | remote| + + + + + + + + + \| vlan400 | 72\ fe 15 7e 42 4f | 30 11 64 18 | 6000 | n/a | 1478433013541307 | 30 11 0 84 | local | + + + + + + + + + description of the show snooping table command output true 115,546#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type show snooping count show snooping count \[command] show snooping count \[purpose] view the number of snooping table entries \[view] system view \[use cases] sonic# show snooping count total v4 counter=10 local v4 counter=3 remote v4 counter=7 total v6 counter=43 local v6 counter=10 remote v6 counter=33 show snooping status show snooping status \[command] show snooping status \[purpose] view snooping table entry synchronization status \[view] system view \[use cases] sonic# show snooping status switch id 30 11 0 84 source ip address 30 11 0 84 coherent status yes sequence number 1362 device mode client neighbors status summary \ neighbors switch id active sequence number connect active number 30 11 0 80 yes 1362 6 30 11 0 81 yes 1362 6 description of the show snooping status command output 135,526#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type snp sync enable {client|server} snp sync enable {client|server} switch id \[command] snp sync enable {client|server} switch id no snp sync enable \[purpose] configure the synchronization properties of the device and enable dhcp snooping synchronization function \[parameter] true 106,555#4283c7 1 1 unhandled content type #4283c7 1 1 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type \[view] system configuration view \[use cases] sonic# configure terminal sonic(config)# snp sync enable client 192 168 2 2 snp sync neighbor snp sync neighbor a b c d/a b \[command] snp sync neighbor a b c d/a b no snp sync neighbor a b c d/a b \[purpose] add the ip address of the device that needs to synchronize snooping table entries \[parameter] true 109,401 left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type \[view] system configuration view \[notes] for the server to establish connection with the client, please make sure that bgp neighbors have been established between the devices that need to synchronize snooping table entries, switch id three layers can be reached \[use cases] sonic(config)# snp sync neighbor 192 168 3 2 snp sync peer snp sync peer a b c d/a b \[command] snp sync peer a b c d/a b no snp sync peer a b c d/a b \[purpose] add the ip address of the device that needs to synchronize snooping table entries \[parameter] true 114,396 left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type \[view] system configuration view \[notes] configure this command on the server device to establish a connection between the server and the server make sure that bgp neighbors have been established between the devices that need to synchronize snooping table entries, switch id three layer reachable \[use cases] sonic(config)# snp sync peer 192 168 3 2 dhcp snooping enable {v4|v6} dhcp snooping enable {v4|v6} \[command] dhcp snooping enable {v4|v6} no dhcp snooping enable \[purpose] enable dhcp snooping function \[parameter] true 107,403 left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type \[view] system configuration view \[notes] after enabling the global dhcp snooping function, user also need to enable the dhcp snooping function under the interface and vlan view this function should be used in combination with dhcp relay \[use cases] sonic(config)# dhcp snooping enable v4 sonic(config)# interface ethernet 1 sonic(config if 1)# dhcp snooping enable dhcp snooping trusted dhcp snooping trusted \[command] dhcp snooping trusted no dhcp snooping trusted \[purpose] configure the interface to a trusted state \[view] system configuration view \[notes] the trusted port forwards the received dhcp packets normally and learns the dhcp snooping table entries through the dhcp ack and dhcp offer packets responded by the dhcp server, usually the interface directly or indirectly connected to the dhcp server trusted by the administrator is set as the trusted port, and other port devices are untrusted ports physical ports, vlan interfaces, and link aggregation ports can all be configured in trust mode \[use cases] sonic(config)# interface ethernet 1 sonic(config if 1)# dhcp snooping trusted dhcp snooping enable dhcp snooping enable \[command] dhcp snooping enable \[purpose] enable the interface dhcp snooping function \[view] interface view, vlan interface view \[use cases] sonic(config)# interface ethernet 1 sonic(config if 1)# dhcp snooping enable
