DHCP Snooping and Verify Source


I have DHCP snooping turned on and everything is running fine. I'm now getting ready to move toward turning on verify source; however, I want to make sure all devices are set with DHCP or have a static map.

Is there an easy way to do this?

Is there a way to turn on verify source to log only what it would block? Kind of like a test mode.

Thank you

Giuseppe Larosa Wed, 05/27/2009 - 23:02

Hello Jeff,

>> Is there a way to turn on verify source to log only what it would block?

No, this is not possible.



About preliminary tests, you should compare the output of the CAM table (sh mac-address-table)

with the output of DHCP snooping related information using

show ip dhcp snooping database [detail]

For ports not dynamically learned by DHCP snooping, you need to verify if a manual binding exists.

Hope to help
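
The comparison described in the reply above can be scripted; this is an added example, not part of the original thread. It assumes output captured from `show mac address-table` and `show ip source binding` (which lists both DHCP-learned and static entries) in the column layout shown; the sample text, the `skip_ports` parameter and the function names are constructed for illustration.

```python
import re

# Constructed sample output; column layout assumed to match typical Catalyst IOS.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    0011.2233.4477    DYNAMIC     Gi1/0/3
  20    0011.2233.4488    DYNAMIC     Gi1/0/48
"""
BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:55   10.1.10.21       85000       dhcp-snooping   10    GigabitEthernet1/0/1
00:11:22:33:44:66   10.1.10.5        infinite    static          10    GigabitEthernet1/0/2
Total number of bindings: 2
"""

def norm_mac(mac):
    # 0011.2233.4455 and 00:11:22:33:44:55 both become 001122334455
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def norm_port(port):
    # Gi1/0/1 and GigabitEthernet1/0/1 both become gi1/0/1
    m = re.match(r"([A-Za-z-]+)([\d/.]+)$", port)
    return (m.group(1)[:2] + m.group(2)).lower() if m else port.lower()

def parse_mac_table(text):
    hosts = set()
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 4 and f[0].isdigit() and re.fullmatch(r"[0-9a-fA-F.]{14}", f[1]):
            hosts.add((int(f[0]), norm_mac(f[1]), norm_port(f[3])))
    return hosts

def parse_bindings(text):
    bound = set()
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 6 and re.fullmatch(r"[0-9A-Fa-f:]{17}", f[0]) and f[4].isdigit():
            bound.add((int(f[4]), norm_mac(f[0]), norm_port(f[5])))
    return bound

def unbound_hosts(mac_text, binding_text, skip_ports=()):
    """Hosts seen in the CAM table that have no DHCP-learned or static binding."""
    skip = {norm_port(p) for p in skip_ports}
    missing = parse_mac_table(mac_text) - parse_bindings(binding_text)
    return sorted(h for h in missing if h[2] not in skip)

if __name__ == "__main__":
    # Gi1/0/48 is treated as a trusted uplink and excluded (assumption).
    for vlan, mac, port in unbound_hosts(MAC_TABLE, BINDINGS, skip_ports=["Gi1/0/48"]):
        print(f"no binding: vlan {vlan} mac {mac} port {port}")
```

Every host it reports would lose connectivity once verify source is enabled on its port, so each needs a static binding or a move to DHCP first.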


ian.coleman Tue, 06/02/2009 - 05:01

I'm also in the same position as above. I have configured DHCP snooping etc., all working OK.

I have IP phones being assigned addresses from the Layer 3 switch, and I have clients being assigned IPs from a local DHCP server.

I have configured a static binding for my DHCP server, but as soon as I enter the interface command "ip verify source port-security", any new client that is not already in the DHCP snooping database fails to get an IP address. The IP phones are unaffected and carry on working normally.

Any ideas?



