05-27-2009 08:12 AM - edited 03-06-2019 05:57 AM
I have DHCP snooping turned on and everything is running fine. I'm now getting ready to move toward turning on verify source, however I want to make sure all devices are set with DHCP or have a static map.
Is there an easy way to do this?
Is there a way to turn on verify source to log only what it would block? Kind of like a test mode.
Thank you
05-27-2009 11:02 PM
Hello Jeff,
>> Is there a way to turn on verify source to log only what it would block?
No this is not possible
see
About preliminary tests you shoud compare the output of CAM table (sh mac-address-table )
the output of DHCP snooping related information using
show ip dhcp snooping database [detail]
for ports not dynamically learned by DHCP snooping you need to verify if a manual binding exists.
Hope to help
Giuseppe
06-02-2009 05:01 AM
I'm also in the same position above. I have configured DHCP snooping etc all working ok.
I have IP phones being assigned addresses from the Layer 3 switch, I have clients being assign IP's from a local DHCP server.
I have configure a static binding for my DHCP server, but as soon as I enter the interface command "ip verify source port-secuirty", any new client that is not already in the DHCP snooping database fails to get an IP addresses. The IP phones are unaffected and carry on working normally -
Any Ideas ?
Regards
Paddy
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: