dhcp-filter-show

DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.

In a DHCP packet flow, there are the following packet types:

Netvisor must snoop the DHCP packets in order to implement this feature, and achieves this by installing a copy-to-cpu vFlow with the parameter, bw-max, to set packet rate limits.

A trusted port is a port receiving the DHCP server messages from a trusted DHCP server. Any DHCP server message, such as OFFER/ACKNOWLEDGE, received from trusted ports are valid. Ports not configured as trusted are untrusted ports. Netvisor drops any DHCP server message received from untrusted ports, and ensures that a rogue DHCP server cannot assign IP addresses to devices on your network.

This command is used to display DHCP filter information.

Syntax   dhcp-filter-show name-string trusted-ports port-list vlan vlan-list

i

name name-string

Displays the name of the filter.

trusted-ports port-list

Displays a list of trusted ports.

vlan vlan-list

Displays a list of VLANs.

Formatting Options

(show commands only)

format fields-to-display

Display output using a specific parameter. Use all to display all possible output.

parsable-delim character

Display output formatted for machine parsing using a specified delimiter.

sort-asc

Display output in ascending order.

sort-desc

Display output in descending order.

show dups

Display duplicate entries in the output.

layout vertical|horizontal

Format the output in a vertical or horizontal layout.

show-interval seconds-interval

Repeat the show command at a specified interval.

show-headers|
no-show-headers

Display column headers or not.

limit-output number

Limit the display output to a specific number of entries.

count-output

Display the number of entries in the output. This is useful with vRouter show commands.

unscaled

Display full values in the output instead of scaled approximate values.

raw-int-values

Display integer values instead of mapped values

sum-by

Aggregate output by specific parameters. If sum-by fields are specified, records that have the same value in sum-by fields are combined and displayed as one aggregate record. NOTE: This option is only available for show commands that collect statistics such as connection-stats-show.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to display information about a DHCP filter configuration.

Examples  To display DHCP filter information, use the following syntax:

CLI network-admin@switch > dhcp-filter-show

See Also