D Commands
dhcp-filter-create
DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.
In a DHCP packet flow, there are the following packet types:
- DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
- DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)
To implement this feature, Netvisor must snoop the DHCP packets. It does so by installing copy-to-cpu vFlows, with the bw-max parameter used to set packet rate limits:
- DHCP-client-vflow — Packets with UDP dest-port=67, copy-to-cpu
- DHCP-server-vflow — Packets with UDP dest-port=68, copy-to-cpu
A trusted port is a port that receives DHCP server messages from a trusted DHCP server. Any DHCP server message, such as OFFER/ACKNOWLEDGE, received from a trusted port is valid. Ports not configured as trusted are untrusted ports. Netvisor drops any DHCP server message received from an untrusted port, which ensures that a rogue DHCP server cannot assign IP addresses to devices on your network.
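The trusted/untrusted decision and the mapping table described above can be modelled in a few lines. This is an added illustration, not Netvisor code: the `Snooper` class, the `build` helper and the return strings are hypothetical names, and the packets are constructed sample data using the BOOTP field offsets from RFC 2131.

```python
# Illustrative model of DHCP snooping; not Netvisor source code.
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie at offset 236 (RFC 2131)
DHCPACK = 5                   # option 53 value for DHCPACK (RFC 2132)

def msg_type(payload):
    """Return the DHCP message type (option 53), or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # pad option, no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return payload[i + 2]
        i += 2 + length
    return None

class Snooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.seen_on = {}    # client MAC -> port its requests arrived on
        self.bindings = {}   # client MAC -> (assigned IP, client port)

    def handle(self, in_port, udp_dport, payload):
        kind = msg_type(payload)
        if udp_dport not in (67, 68) or kind is None:
            return "ignore"
        mac = payload[28:34].hex(":")                   # chaddr field
        if udp_dport == 67:                             # client -> server
            self.seen_on[mac] = in_port
            return "forward"
        if in_port not in self.trusted:                 # server msg, untrusted port
            return "drop"
        if kind == DHCPACK:                             # yiaddr = assigned address
            ip = ".".join(str(b) for b in payload[16:20])
            self.bindings[mac] = (ip, self.seen_on.get(mac))
        return "forward"

def build(kind, mac, yiaddr="0.0.0.0"):
    """Construct a minimal DHCP payload for the demo (constructed sample data)."""
    pkt = bytearray(240)
    pkt[16:20] = bytes(int(x) for x in yiaddr.split("."))
    pkt[28:34] = bytes.fromhex(mac.replace(":", ""))
    pkt[236:240] = MAGIC
    return bytes(pkt) + bytes([53, 1, kind, 255])
```

A DHCPACK arriving on a port outside the trusted set is dropped and leaves the binding table unchanged; the same message on a trusted port is forwarded and recorded.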
This command is used to create a DHCP filter.
Syntax dhcp-filter-create
name name-string
    Specify a name for the filter.
trusted-ports port-list
    Specify a list of trusted ports.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to create a DHCP filter for trusted ports.
Examples To create a DHCP filter named trust-server-1 with trusted ports 13-17, use the following syntax:
CLI network-admin@switch > dhcp-filter-create name trust-server-1 trusted-ports 13-17
dhcp-filter-delete
DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.
In a DHCP packet flow, there are the following packet types:
- DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
- DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)
This command is used to delete a DHCP filter.
Syntax dhcp-filter-delete name name-string
name name-string
    Specify a name for the filter.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to delete a DHCP filter.
Examples To delete a DHCP filter, trust-server-1, use the following syntax:
CLI network-admin@switch > dhcp-filter-delete name trust-server-1
dhcp-filter-modify
DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.
In a DHCP packet flow, there are the following packet types:
- DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
- DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)
This command is used to modify a DHCP filter.
Syntax dhcp-filter-modify name name-string trusted-ports port-list
name name-string
    Specify a name for the filter.
trusted-ports port-list
    Specify a list of trusted ports.
Defaults None
Access Network Administrator
History Command introduced in Version 2.6.0.
Usage Use this command to modify a DHCP filter.
Examples To modify the DHCP filter trust-server-1 and change the trusted ports to 33-35, use the following syntax:
CLI network-admin@switch > dhcp-filter-modify name trust-server-1 trusted-ports 33-35
dhcp-filter-show
DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.
In a DHCP packet flow, there are the following packet types:
- DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
- DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)
This command is used to display DHCP filter information.
Syntax dhcp-filter-show
name name-string
    Displays the name of the filter.
trusted-ports port-list
    Displays a list of trusted ports.
vlan vlan-list
    Displays a list of VLANs.
History Command introduced in Version 2.6.0.
Usage Use this command to display information about a DHCP filter configuration.
Examples To display DHCP filter information, use the following syntax:
CLI network-admin@switch > dhcp-filter-show
dhcp-lease-show
This command is used to display information about DHCP leases on the switch.
Syntax dhcp-lease-show
ip ip-address
    Specifies the IP address of a DHCP client.
mac mac-address
    Specifies the MAC address of a DHCP client.
port port-list
    Specifies the port of a DHCP client.
vlan vlan-id
    Specifies the VLAN for the DHCP client.
vnet vnet name
    Specifies the vNET name.
bd bridge-domain name
    Specifies the bridge domain name.
db-state unknown|free|active|
    Specifies the state of a DHCP client’s lease.
start-time yyyy-mm-ddThh:mm:ss
    The beginning of the DHCP lease.
end-time yyyy-mm-ddThh:mm:ss
    Specifies the end of the DHCP lease.
server dhcp name
    Specifies the name of the DHCP server.
server-ip ip-address
    Specifies the IP address of the DHCP server.
server-port server-port-number
    Specifies the port number of the DHCP server.
last-msg |discover|offer|
    Specifies the last message received from the DHCP client.
last-msg-time date/time:yyyy-mm-ddThh:mm:ss
    Specifies the time of the last message received from the DHCP client.
trusted-server|no-trusted-server
    Specifies the trusted DHCP server.
Defaults None
Access CLI
History
Version 1.2.1
    Command introduced.
Version 2.6
    The parameter, trusted-server, added.
Version 5.1.1
    The parameters, vnet and bd, added.
Usage Used to display information about DHCP leases on the switch.
Examples To display information about the DHCP leases on the switch, use the following command:
CLI network-admin@switch > dhcp-lease-show
switch: pleiades25
ip: 172.16.23.2
mac: 66:0e:94:21:4a:7b
port: none
vlan: 11
db-state: active
start-time: 09:17:59
end-time: 10:17:59
server: red-dhcp
server-ip: 172.16.23.1
switch: pleiades25
ip: 172.16.23.3
mac: 00:25:90:63:8a:84
port: 10
vlan: 11
db-state: active
start-time: 09:20:05
end-time: 10:20:05
server: red-dhcp
server-ip: 172.16.23.1
server-port: 65
last-msg: ack
last-msg-time: 09:20:06
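Output in this vertical key: value form is easy to audit offline. The following added sketch (not part of the Netvisor documentation) parses such output and lists active leases handed out by a server outside an allow-list; `TRUSTED_SERVER_IPS`, `parse_leases` and `audit` are hypothetical names, and the third sample record is constructed.

```python
# Added audit sketch; TRUSTED_SERVER_IPS is an assumed site allow-list.
TRUSTED_SERVER_IPS = {"172.16.23.1"}

# First two records are abridged from the sample output above; the third is constructed.
SAMPLE = """\
switch: pleiades25
ip: 172.16.23.2
mac: 66:0e:94:21:4a:7b
port: none
db-state: active
server: red-dhcp
server-ip: 172.16.23.1
switch: pleiades25
ip: 172.16.23.3
mac: 00:25:90:63:8a:84
port: 10
db-state: active
server-ip: 172.16.23.1
switch: pleiades25
ip: 192.168.50.7
mac: 02:00:00:00:00:01
port: 22
db-state: active
server-ip: 192.168.50.1
"""

def parse_leases(text):
    """Split vertical 'key: value' output into one dict per lease record."""
    records, cur = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue                  # prompt lines and blanks carry no field
        if key == "switch":           # each record starts with its switch name
            cur = {}
            records.append(cur)
        if cur is not None:
            cur[key] = value
    return records

def audit(records, trusted_ips):
    """Return (client ip, mac, port, server-ip) for active leases from unlisted servers."""
    return [(r.get("ip"), r.get("mac"), r.get("port"), r.get("server-ip"))
            for r in records
            if r.get("db-state") == "active" and r.get("server-ip") not in trusted_ips]

if __name__ == "__main__":
    for finding in audit(parse_leases(SAMPLE), TRUSTED_SERVER_IPS):
        print("lease from unlisted DHCP server:", finding)
```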