DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.

In a DHCP packet flow, there are the following packet types:

Netvisor must snoop the DHCP packets in order to implement this feature, and achieves this by installing a copy-to-cpu vFlow with the parameter, bw-max, to set packet rate limits.

A trusted port is a port receiving the DHCP server messages from a trusted DHCP server. Any DHCP server message, such as OFFER/ACKNOWLEDGE, received from trusted ports are valid. Ports not configured as trusted are untrusted ports. Netvisor drops any DHCP server message received from untrusted ports, and ensures that a rogue DHCP server cannot assign IP addresses to devices on your network.

This command is used to display DHCP filter information.

Syntax   dhcp-filter-show name-string trusted-ports port-list vlan vlan-list


name name-string

Displays the name of the filter.

trusted-ports port-list

Displays a list of trusted ports.

vlan vlan-list

Displays a list of VLANs.

Formatting Options

(show commands only)

format fields-to-display

Display output using a specific parameter. Use all to display all possible output.

parsable-delim character

Display output formatted for machine parsing using a specified delimiter.


Display output in ascending order.


Display output in descending order.

show dups

Display duplicate entries in the output.

layout vertical|horizontal

Format the output in a vertical or horizontal layout.

show-interval seconds-interval

Repeat the show command at a specified interval.


Display column headers or not.

limit-output number

Limit the display output to a specific number of entries.


Display the number of entries in the output. This is useful with vRouter show commands.


Display full values in the output instead of scaled approximate values.


Display integer values instead of mapped values


Aggregate output by specific parameters. If sum-by fields are specified, records that have the same value in sum-by fields are combined and displayed as one aggregate record. NOTE: This option is only available for show commands that collect statistics such as connection-stats-show.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to display information about a DHCP filter configuration.

Examples  To display DHCP filter information, use the following syntax:

CLI network-admin@switch > dhcp-filter-show

See Also