D Commands

dhcp-filter-create

DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.

In a DHCP packet flow, there are the following packet types:

  • DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
  • DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)

Netvisor must snoop the DHCP packets to implement this feature. It does so by installing the following copy-to-cpu vFlows, using the bw-max parameter to set packet rate limits:

  • DHCP-client-vflow — Packets with UDP dest-port=67, copy-to-cpu
  • DHCP-server-vflow — Packets with UDP dest-port=68, copy-to-cpu

A trusted port is a port that receives DHCP server messages from a trusted DHCP server. Any DHCP server message, such as OFFER/ACKNOWLEDGE, received from a trusted port is valid. Ports not configured as trusted are untrusted ports. Netvisor drops any DHCP server message received from untrusted ports, which ensures that a rogue DHCP server cannot assign IP addresses to devices on your network.
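The trusted-port decision described above, modelled in Python as an added example (it is not Pluribus code and does not describe how Netvisor is implemented internally). The function names, the `drop-malformed` result and the constructed packets are assumptions of this sketch; the port range, MAC and IP address are taken from the examples on this page.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
       5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}   # option 53 values
SERVER_MSGS = {"OFFER", "ACK", "NAK"}            # only a server sends these

def parse_port_list(spec):
    """Expand a port list such as '13-17,20' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def message_type(payload):
    """Return the message type name from a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    i = 240                                         # options start after cookie
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            return MSG.get(payload[i + 2])
        i += 2 + length
    return None

def snoop(ingress_port, payload, trusted, bindings):
    """Decide what to do with one snooped packet; record bindings on ACK."""
    mtype = message_type(payload)
    if mtype is None:
        return "drop-malformed"        # this sketch's choice, not Netvisor's
    if mtype in SERVER_MSGS and ingress_port not in trusted:
        return "drop-untrusted-server"
    if mtype == "ACK":                 # trusted ACK: yiaddr is now assigned
        bindings[payload[28:34].hex(":")] = ".".join(map(str, payload[16:20]))
    return "forward"

def build(msg_type, mac, yiaddr="0.0.0.0"):
    """Constructed sample: minimal DHCP payload carrying only option 53."""
    op = 2 if MSG[msg_type] in SERVER_MSGS else 1
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0)
    addrs = bytes(4) + bytes(map(int, yiaddr.split("."))) + bytes(8)
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return hdr + addrs + chaddr + bytes(192) + MAGIC + bytes([53, 1, msg_type, 255])
```

Calling `snoop()` with an OFFER or ACK on a port outside `parse_port_list("13-17")` returns `drop-untrusted-server` and leaves the binding table unchanged, while the same ACK on port 13 is forwarded and recorded.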

This command is used to create a DHCP filter.

Syntax   dhcp-filter-create

name name-string

Specify a name for the filter.

trusted-ports port-list

Specify a list of trusted ports.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to create a DHCP filter for trusted ports.

Examples  To create a DHCP filter named trust-server-1 with trusted ports 13-17, use the following syntax:

CLI network-admin@switch > dhcp-filter-create name trust-server-1 trusted-ports 13-17

dhcp-filter-delete

DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.

In a DHCP packet flow, there are the following packet types:

  • DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
  • DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)

This command is used to delete a DHCP filter.

Syntax   dhcp-filter-delete name name-string

name name-string

Specify a name for the filter.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to delete a DHCP filter.

Examples  To delete a DHCP filter, trust-server-1, use the following syntax:

CLI network-admin@switch > dhcp-filter-delete name trust-server-1

dhcp-filter-modify

DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.

In a DHCP packet flow, there are the following packet types:

  • DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
  • DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)

This command is used to modify a DHCP filter.

Syntax   dhcp-filter-modify name name-string trusted-ports port-list

name name-string

Specify a name for the filter.

trusted-ports port-list

Specify a list of trusted ports.

Defaults   None

Access   Network Administrator

History   Command introduced in Version 2.6.0.

Usage   Use this command to modify the trusted ports of a DHCP filter.

Examples  To modify the DHCP filter trust-server-1 and change the trusted ports to 33-35, use the following syntax:

CLI network-admin@switch > dhcp-filter-modify name trust-server-1 trusted-ports 33-35

dhcp-filter-show

DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.

In a DHCP packet flow, there are the following packet types:

  • DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
  • DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)

This command is used to display DHCP filter information.

Syntax   dhcp-filter-show

name name-string

Displays the name of the filter.

trusted-ports port-list

Displays a list of trusted ports.

vlan vlan-list

Displays a list of VLANs.

History   Command introduced in Version 2.6.0.

Usage   Use this command to display information about a DHCP filter configuration.

Examples  To display DHCP filter information, use the following syntax:

CLI network-admin@switch > dhcp-filter-show

dhcp-lease-show

This command is used to display information about DHCP leases on the switch.

Syntax   dhcp-lease-show

ip ip-address

Specifies the IP address of a DHCP client.

mac mac-address

Specifies the MAC address of a DHCP client.

port port-list

Specifies the port of a DHCP client.

vlan vlan-id

Specifies the VLAN for the DHCP client.

vnet vnet name 

Specifies the vNET name.

bd bridge-domain name

Specifies the bridge domain name.

db-state unknown|free|active|backup|abandoned|expired

Specifies the state of a DHCP client’s lease.

start-time yyyy-mm-ddThh:mm:ss

Specifies the beginning of the DHCP lease.

end-time yyyy-mm-ddThh:mm:ss

Specifies the end of the DHCP lease.

server dhcp name

Specifies the name of the DHCP server.

server-ip ip-address

Specifies the IP address of the DHCP server.

server-port server-port-number

Specifies the port number of the DHCP server.

last-msg discover|offer|request|decline|ack|nack|release|inform

Specifies the last message received from the DHCP client.

last-msg-time date/time:yyyy-mm-ddThh:mm:ss

Specifies the time of the last message received from the DHCP client.

trusted-server|no-trusted-server

Specifies the trusted DHCP server.

Defaults   None

Access   CLI

History   

Version 1.2.1

Command introduced.

Version 2.6

The parameter, trusted-server, added.

Version 5.1.1

The parameters, vnet and bd, added.

Usage   Used to display information about DHCP leases on the switch.

Examples  To display information about the DHCP leases on the switch, use the following command:

CLI network-admin@switch > dhcp-lease-show

switch:        pleiades25
ip:            172.16.23.2
mac:           66:0e:94:21:4a:7b
port:          none
vlan:          11
db-state:      active
start-time:    09:17:59
end-time:      10:17:59
server:        red-dhcp
server-ip:     172.16.23.1

switch:        pleiades25
ip:            172.16.23.3
mac:           00:25:90:63:8a:84
port:          10
vlan:          11
db-state:      active
start-time:    09:20:05
end-time:      10:20:05
server:        red-dhcp
server-ip:     172.16.23.1
server-port:   65
last-msg:      ack
last-msg-time: 09:20:06