DHCP Snooping Configuration
此内容尚不支持你的语言。
show dhcp snooping config
Section titled “show dhcp snooping config”[Command] show dhcp snooping config
[Purpose] View DHCP snooping related configuration status
[View] System view
[Use Cases]
sonic# show dhcp snooping configGLOBAL MODE V4 : enableGLOBAL MODE V6 : enableGLOBAL SNP MAX NUMBER :GLOBAL LEASE TIME : 172800+-------------+----------------+-----------+------------------+| Interface | dhcp_snooping | Trusted | Snp Max Number |+=============+================+===========+==================+| Ethernet50 | enable | true | |+-------------+----------------+-----------+------------------+| Vlan800 | enable | | |+-------------+----------------+-----------+------------------+| Vlan400 | enable | | |+-------------+----------------+-----------+------------------+| Ethernet49 | enable | true | |+-------------+----------------+-----------+------------------+show snooping table
Section titled “show snooping table”[Command] show snooping table
[Purpose] View all snooping table entry details
[View] System view
[Notes] Snooping table entries include those learned by DHCP Snooping and ND Snooping. When this feature is enabled, the device can sync snooping table entries from other devices configured as neighbors, ensuring consistency across the network.
[Use Cases]
sonic# show snooping table+--------+--------------------+------------+------------+-----------+-----------------+-------------+-------+| vlan | smac | sip | lease_time | interface | time-stamp | switch_id | flag |+========+====================+=============+===========+===========+==================+============+=======+| Vlan400 | 3c:22:fb:55:a0:99 | 30.11.64.21 | 7200 | N/A | 1478434670738451 | 30.11.0.89 | remote|+---------+-------------------+-------------+-----------+-----------+------------------+------------+------ +| Vlan400 | 72:fe:15:7e:42:4f | 30.11.64.18 | 6000 | N/A | 1478433013541307 | 30.11.0.84 | local |+---------+------------------+---------------+----------+-----------+------------------+-------------+------+Description of the show snooping table command output
| Item | Description |
|---|---|
| VLAN | VLAN to which the entry belongs |
| SMAC | Terminal MAC address |
| SIP | Terminal IP address |
| lease time | Aging time of the entry |
| interface | Physical interface where the terminal is located |
| time-stamp | Timestamp when the entry was learned, for internal system use |
| switch_id | IP address of the loopback interface of the device to which the terminal is currently connected |
| flag | Identifier for the device to which the terminal is currently connected. If it is the local device, it is labeled as local, and if it’s another device within the cluster, it is labeled as remote. |
show snooping count
Section titled “show snooping count”[Command] show snooping count
[Purpose] View the number of snooping table entries
[View] System view
[Use Cases]
sonic# show snooping counttotal_v4_counter=10local_v4_counter=3remote_v4_counter=7total_v6_counter=43local_v6_counter=10remote_v6_counter=33show snooping status
Section titled “show snooping status”[Command] show snooping status
[Purpose] View snooping table entry synchronization status
[View] System view
[Use Cases]
sonic# show snooping statusSwitch ID : 30.11.0.84Source IP address :30.11.0.84Coherent Status : yesSequence Number : 1362Device Mode : clientNeighbors Status Summary :------------------------------neighbors----------------------------------Switch ID Active Sequence Number Connect_active_number30.11.0.80 yes 1362 630.11.0.81 yes 1362 6Description of the show snooping status command output
| Item | Description |
|---|---|
| Coherent Status | Whether the current table entry is the latest synchronization status yes Synchronization completed no To be updated |
| Active | Connection status between device and neighbor yes Connection is normal no Connection exception |
| Sequence Number | Number of table entry synchronization between device and neighbors |
| Connect_active_number | Number of clients that need to establish connections with neighbor devices |
snp-sync enable {client|server}
Section titled “snp-sync enable {client|server}”[Command] **snp-sync enable {client|server}**switch_id no snp-sync enable
[Purpose] Configure the synchronization properties of the device and enable DHCP Snooping synchronization function
[Parameter]
| Parameter | Description |
|---|---|
| client | For devices directly connected with DHCP clients, the client device will synchronize all the learned snooping table entries to the server device, and synchronize the snooping table entries synchronized by other clients to the server |
| server | The device that is not directly connected to the DHCP client receives all the snooping table entries synchronized by the client |
| switch_id | Device IP, usually the device loopback0 IP address, is used to uniquely identify a device |
[View] System configuration view
[Use Cases]
sonic# configure terminalsonic(config)# snp-sync enable client 192.168.2.2snp-sync neighbor
Section titled “snp-sync neighbor”[Command] snp-sync neighborA.B.C.D/A::B no snp-sync neighborA.B.C.D/A::B
[Purpose] Add the IP address of the device that needs to synchronize snooping table entries
[Parameter]
| Parameter | Description |
|---|---|
| A.B.C.D/A::B | The configured switch_id of the device to be connected |
[View] System configuration view
[Notes] For the server to establish connection with the client, please make sure that BGP neighbors have been established between the devices that need to synchronize snooping table entries, switch-id three layers can be reached.
[Use Cases]
sonic(config)# snp-sync neighbor 192.168.3.2snp-sync peer
Section titled “snp-sync peer”[Command] snp-sync peerA.B.C.D/A::B no snp-sync peerA.B.C.D/A::B
[Purpose] Add the IP address of the device that needs to synchronize snooping table entries
[Parameter]
| Parameter | Description |
|---|---|
| A.B.C.D/A::B | The configured switch_id of the device to be connected |
[View] System configuration view
[Notes] Configure this command on the server device to establish a connection between the server and the server. Make sure that BGP neighbors have been established between the devices that need to synchronize snooping table entries, switch-id three-layer reachable.
[Use Cases]
sonic(config)# snp-sync peer 192.168.3.2dhcp snooping enable {v4|v6}
Section titled “dhcp snooping enable {v4|v6}”[Command] dhcp snooping enable {v4|v6} no dhcp snooping enable
[Purpose] Enable DHCP snooping function
[Parameter]
| Parameter | Description |
|---|---|
| {v4|v6} | Processing DHCPv4/DHCPv6 packets |
[View] System configuration view
[Notes] After enabling the global DHCP snooping function, user also need to enable the DHCP snooping function under the interface and VLAN view. This function should be used in combination with DHCP Relay.
[Use Cases]
sonic(config)# dhcp snooping enable v4sonic(config)# interface ethernet 1sonic(config-if-1)# dhcp snooping enabledhcp-snooping trusted
Section titled “dhcp-snooping trusted”[Command] dhcp-snooping trusted no dhcp-snooping trusted
[Purpose] Configure the interface to a trusted state
[View] System configuration view
[Notes] The trusted port forwards the received DHCP packets normally and learns the DHCP Snooping table entries through the DHCP ACK and DHCP OFFER packets responded by the DHCP server, usually the interface directly or indirectly connected to the DHCP server trusted by the administrator is set as the trusted port, and other port devices are untrusted ports. Physical ports, VLAN interfaces, and link aggregation ports can all be configured in trust mode.
[Use Cases]
sonic(config)# interface ethernet 1sonic(config-if-1)# dhcp snooping trusteddhcp-snooping enable
Section titled “dhcp-snooping enable”[Command] dhcp-snooping enable
[Purpose] Enable the interface DHCP snooping function
[View] Interface view, VLAN Interface view
[Use Cases]
sonic(config)# interface ethernet 1sonic(config-if-1)# dhcp-snooping enable