
DHCP Snooping and Verify Source

jeff.cook

I have DHCP snooping turned on and everything is running fine. I'm now getting ready to move toward turning on verify source, however I want to make sure all devices are set with DHCP or have a static map.

Is there an easy way to do this?

Is there a way to turn on verify source to log only what it would block? Kind of like a test mode.

Thank you


Giuseppe Larosa

Hello Jeff,

>> Is there a way to turn on verify source to log only what it would block?

No, this is not possible.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swdhcp82.html#wp1294450

About preliminary tests, you should compare the output of the CAM table (sh mac-address-table)

with the output of DHCP snooping related information using

show ip dhcp snooping database [detail]

For ports not dynamically learned by DHCP snooping, you need to verify if a manual binding exists.

Hope to help

Giuseppe
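
One way to run the comparison described in the reply above, as an added example that is not part of any post in this thread: a Python script that takes pasted switch output and lists hosts present in the CAM table with no matching binding on the same port and VLAN. It assumes the bindings are taken from `show ip source binding` (which lists static as well as DHCP-learned entries); the sample output, MAC addresses and IP addresses are constructed, and `skip_ports` is a hypothetical parameter for ports that will not get verify source.

```python
import re

# Constructed sample output (not from the thread), in the column layout of
# `show mac address-table` and `show ip source binding` on Catalyst IOS.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa1/0/1
  10    0011.2233.4466    DYNAMIC     Fa1/0/2
  20    00aa.bbcc.dd01    DYNAMIC     Fa1/0/3
  10    00aa.bbcc.dd02    DYNAMIC     Gi1/0/1
"""
BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  -----------------
00:11:22:33:44:55   10.1.10.21       85012       dhcp-snooping  10    FastEthernet1/0/1
00:AA:BB:CC:DD:01   10.1.20.5        infinite    static         20    FastEthernet1/0/3
"""

def norm_mac(mac):
    """0011.2233.4455 and 00:11:22:33:44:55 -> 001122334455, else None."""
    digits = re.sub(r"[.:-]", "", mac.lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def norm_port(name):
    """Fa1/0/1 and FastEthernet1/0/1 -> fa1/0/1."""
    m = re.match(r"([A-Za-z]{2})[A-Za-z-]*(\d.*)", name)
    return (m.group(1) + m.group(2)).lower() if m else name.lower()

def unbound_hosts(mac_table, bindings, skip_ports=()):
    """Return (port, vlan, mac) for CAM entries with no binding on that port."""
    bound = set()
    for line in bindings.splitlines():
        f = line.split()  # mac, ip, lease, type, vlan, interface
        if len(f) == 6 and norm_mac(f[0]) and f[4].isdigit():
            bound.add((norm_mac(f[0]), int(f[4]), norm_port(f[5])))
    skip = {norm_port(p) for p in skip_ports}  # e.g. uplinks left without source guard
    missing = []
    for line in mac_table.splitlines():
        f = line.split()  # vlan, mac, type, port
        if len(f) == 4 and f[0].isdigit() and norm_mac(f[1]):
            key = (norm_mac(f[1]), int(f[0]), norm_port(f[3]))
            if key[2] not in skip and key not in bound:
                missing.append((f[3], int(f[0]), f[1]))
    return sorted(missing)

if __name__ == "__main__":
    for port, vlan, mac in unbound_hosts(MAC_TABLE, BINDINGS, skip_ports=["Gi1/0/1"]):
        print(f"{port} vlan {vlan}: {mac} has no DHCP snooping or static binding")
```

Each host it reports needs either a DHCP lease seen by snooping or a manual binding before verify source is enabled on that port.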

I'm also in the same position as above. I have configured DHCP snooping etc., all working OK.

I have IP phones being assigned addresses from the Layer 3 switch, and I have clients being assigned IPs from a local DHCP server.

I have configured a static binding for my DHCP server, but as soon as I enter the interface command "ip verify source port-security", any new client that is not already in the DHCP snooping database fails to get an IP address. The IP phones are unaffected and carry on working normally.

Any ideas?

Regards

Paddy
