Display the DHCP snooping information when the interface on which the DHCP server
connects to the switch is trusted. The following output results when requests are sent
from the MAC addresses and the server has provided the IP addresses and leases:
user@switch>
show dhcp snooping binding
DHCP Snooping Information:
MAC address IP address Lease (seconds) Type VLAN Interface
00:05:85:3A:82:77 192.0.2.17 600 dynamic employee ge-0/0/1.0
00:05:85:3A:82:79 192.0.2.18 653 dynamic employee ge-0/0/1.0
00:05:85:3A:82:80 192.0.2.19 720 dynamic employee ge-0/0/2.0
00:05:85:3A:82:81 192.0.2.20 932 dynamic employee ge-0/0/2.0
00:30:48:92:A5:9D 10.10.10.7 720 dynamic
vlan100 ge-0/0/13.0
00:30:48:8D:01:3D 10.10.10.9 720 dynamic data ge-0/0/14.0
00:30:48:8D:01:5D 10.10.10.8 1230 dynamic voice ge-0/0/14.0
00:11:11:11:11:11 11.1.1.1 — static data ge-0/0/14.0
00:05:85:27:32:88 192.0.2.22 — static employee ge-0/0/17.0
00:05:85:27:32:89 192.0.2.23 — static employee ge-0/0/17.0
00:05:85:27:32:90 192.0.2.27 — static employee ge-0/0/17.0
View the IP source guard information for the data VLAN.
user@switch>
show ip-source-guard
IP source guard information:
Interface Tag IP Address MAC Address VLAN
ge-0/0/13.0 0 10.10.10.7 00:30:48:92:A5:9D vlan100
ge-0/0/14.0 0 10.10.10.9 00:30:48:8D:01:3D data
ge-0/0/14.0 0 11.1.1.1 00:11:11:11:11:11 data
ge–0/0/13.0 100 * * voice
Meaning
When the interface on which the DHCP server connects to the switch has been set to
trusted, the output (see the preceding sample output for
show dhcp snooping binding
)
shows, for each MAC address, the assigned IP address and lease time—that is, the time,
in seconds, remaining before the lease expires. Static IP addresses have no assigned
lease time. Statically configured entries never expire.
The IP source guard database table contains the VLANs enabled for IP source guard, the
untrusted access interfaces on those VLANs, the VLAN 802.1Q tag IDs if there are any,
and the IP addresses and MAC addresses that are bound to one another. If a switch
interface is associated with multiple VLANs and some of those VLANs are enabled for
IP source guard and others are not, the VLANs that are not enabled for IP source guard
have a star (*) in the
IP Address
and
MAC Address
fields. See the entry for the
voice
VLAN in the preceding sample output.
Related
Documentation
Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate
Address-Spoofing Attacks on Untrusted Access Interfaces on page 2880
•
Copyright © 2010, Juniper Networks, Inc.
2894
Complete Software Guide for Junos
®
OS for EX Series Ethernet Switches, Release 10.3
Summary of Contents for JUNOS OS 10.3 - SOFTWARE
Page 325: ...CHAPTER 17 Operational Mode Commands for System Setup 229 Copyright 2010 Juniper Networks Inc ...
Page 1323: ...CHAPTER 56 Operational Mode Commands for Interfaces 1227 Copyright 2010 Juniper Networks Inc ...
Page 2841: ...CHAPTER 86 Operational Commands for 802 1X 2745 Copyright 2010 Juniper Networks Inc ...
Page 3367: ...CHAPTER 113 Operational Mode Commands for CoS 3271 Copyright 2010 Juniper Networks Inc ...
Page 3435: ...CHAPTER 120 Operational Mode Commands for PoE 3339 Copyright 2010 Juniper Networks Inc ...
Page 3529: ...CHAPTER 126 Operational Mode Commands for MPLS 3433 Copyright 2010 Juniper Networks Inc ...