IP address and lease time—that is, the time, in seconds, remaining before the lease
expires. Static IP addresses have no assigned lease time. The statically configured entry
never expires.
If the DHCP server had been configured as untrusted, no entries would be added to the
DHCP snooping database and nothing would be shown in the output of the
show dhcp
snooping binding
command.
Related
Documentation
Enabling DHCP Snooping (CLI Procedure) on page 2910
•
•
Enabling DHCP Snooping (J-Web Procedure) on page 2911
•
Configuring Static IP Addresses for DHCP Bindings on Access Ports (CLI Procedure)
on page 2925
•
Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC
Move Limiting, on an EX Series Switch on page 2849
•
Example: Configuring DHCP Snooping, DAI , and MAC Limiting on an EX Series Switch
with Access to a DHCP Server Through a Second Switch on page 2873
•
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing
Attacks on page 2866
•
Monitoring Port Security on page 2933
•
Troubleshooting Port Security on page 2945
Verifying That a Trusted DHCP Server Is Working Correctly
Purpose
Verify that a DHCP trusted server is working on the switch. See what happens when the
DHCP server is trusted and then untrusted.
Action
Send some DHCP requests from network devices (here they are DHCP clients) connected
to the switch.
Display the DHCP snooping information when the interface on which the DHCP server
connects to the switch is trusted. The following output results when requests are sent
from the MAC addresses and the server has provided the IP addresses and leases:
user@switch>
show dhcp snooping binding
DHCP Snooping Information:
MAC Address IP Address Lease Type VLAN Interface
----------------- ---------- ----- ---- ---- ---------
00:05:85:3A:82:77 192.0.2.17 600 dynamic employee—vlan ge-0/0/1.0
00:05:85:3A:82:79 192.0.2.18 653 dynamic employee—vlan ge-0/0/1.0
00:05:85:3A:82:80 192.0.2.19 720 dynamic employee—vlan ge-0/0/2.0
00:05:85:3A:82:81 192.0.2.20 932 dynamic employee—vlan ge-0/0/2.0
00:05:85:3A:82:83 192.0.2.21 1230 dynamic employee—vlan ge-0/0/2.0
00:05:85:27:32:88 192.0.2.22 3200 dynamic employee—vlan ge-0/0/2.0
Meaning
When the interface on which the DHCP server connects to the switch has been set to
trusted, the output (see preceding sample) shows, for each MAC address, the assigned
2935
Copyright © 2010, Juniper Networks, Inc.
Chapter 96: Verifying Port Security
Summary of Contents for JUNOS OS 10.3 - SOFTWARE
Page 325: ...CHAPTER 17 Operational Mode Commands for System Setup 229 Copyright 2010 Juniper Networks Inc ...
Page 1323: ...CHAPTER 56 Operational Mode Commands for Interfaces 1227 Copyright 2010 Juniper Networks Inc ...
Page 2841: ...CHAPTER 86 Operational Commands for 802 1X 2745 Copyright 2010 Juniper Networks Inc ...
Page 3367: ...CHAPTER 113 Operational Mode Commands for CoS 3271 Copyright 2010 Juniper Networks Inc ...
Page 3435: ...CHAPTER 120 Operational Mode Commands for PoE 3339 Copyright 2010 Juniper Networks Inc ...
Page 3529: ...CHAPTER 126 Operational Mode Commands for MPLS 3433 Copyright 2010 Juniper Networks Inc ...