dhcp-filter-modify
DHCP snooping is a security feature which allows the network to avoid denial-of-service attacks from rogue DHCP servers. Trusted ports are defined to connect to the known DHCP servers. DHCP snooping also maintains a mapping table for current assignments.
In a DHCP packet flow, there are the following packet types:
- DHCPDISCOVER/DHCPREQUEST — Packets from the DHCP client to server (UDP dest-port = 67)
- DHCPOFFER/DHCPACK — Packets from the DHCP Server to client (UDP dest-port = 68)
This command is used to modify a DHCP filter.
Syntax dhcp—filter-modify name name-string trusted-ports port-list
name name-string |
Specify a name for the filter. |
trusted-ports port-list |
Specify a list of trusted ports. |
Defaults None
Access Network Administrator
History
Version 2.6.0 |
Command introduced. |
Usage Use this command to create a DHCP filter for trusted ports.
Examples To modify a DHCP filter, trust-server-1 and change the ports to 33-35, use the following syntax:
CLI (network-admin@switch) > dhcp-filter-modify name trust-server-1 ports 33-35