DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.

In a DHCP packet flow, there are the following packet types:

Netvisor must snoop the DHCP packets in order to implement this feature, and achieves this by installing a copy-to-cpu vFlow with the parameter, bw-max, to set packet rate limits.

A trusted port is a port receiving the DHCP server messages from a trusted DHCP server. Any DHCP server message, such as OFFER/ACKNOWLEDGE, received from trusted ports are valid. Ports not configured as trusted are untrusted ports. Netvisor drops any DHCP server message received from untrusted ports, and ensures that a rogue DHCP server cannot assign IP addresses to devices on your network.

This command is used to delete a DHCP filter.

Syntax   dhcp—filter-add name name-string 

name name-string

Specify a name for the filter.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to create a DHCP filter for trusted ports.

Examples  To delete a DHCP filter, trust-server-1, use the following syntax:

CLI network-admin@switch > dhcp-filter-delete name trust-server-1

See Also