Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference, Release 4.3.x
DHCP Commands
Downloads: This chapterpdf (PDF - 1.59MB) The complete bookPDF (PDF - 6.95MB) | Feedback

DHCP Commands

DHCP Commands

This chapter describes the Cisco IOS XR software commands used to configure and monitor Dynamic Host Configuration Protocol (DHCP) features on Cisco ASR 9000 Series Aggregation Services Routers.

For detailed information about DHCP concepts, configuration tasks, and examples, refer to the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

clear dhcp ipv4 snoop binding

To clear snoop bindings, use the clear dhcp ipv4 snoop binding command in EXEC mode.

clear dhcp ipv4 snoop binding [ bridge-domain name ] [ mac-address mac-address ]

Syntax Description

bridge-domain

(Optional) Clears DHCP snoop bindings for a specific bridge domain.

name

(Optional) Bridge domain name

mac-address

(Optional) Clears DHCP snoop bindings for a specified MAC address.

mac-address

(Optional) MAC address.

Command Default

Clears all snoop bindings.

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following is an example of the clear dhcp snoop binding command removing binding for bridge domain ISP1:


RP/0/RSP0/CPU0:router# clear dhcp ipv4 snoop binding bridge-domain ISP1

clear dhcp ipv6 proxy binding

To clear Dynamic Host Configuration Protocol (DHCP) relay bindings for prefix delegation, use the clear dhcp ipv6 proxy binding command in EXEC mode.

clear dhcp ipv6 proxy binding [ipv6-prefix]

Syntax Description

ipv6-prefix

The IPv6 network assigned to the interface.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal format using 16-bit values between colons.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release Modification
Release 4.1.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

execute

Examples

This is a sample output from the clear dhcp ipv6 proxy binding command:


RP/0/RSP0/CPU0:router# clear dhcp ipv6 proxy binding 


Related Commands

Command

Description

show dhcp ipv6 proxy binding

Displays Dynamic Host Configuration Protocol (DHCP) relay bindings for prefix delegation.

database (DHCPv6 Binding)

To enable Dynamic Host Configuration Protocol IPv6 (DHCPv6) binding database write to the system persistent memory, use the database command in the DHCP IPv6 configuration mode. To disable the DHCPv6 binding table write and to delete the binding table write files from the file system, use the no form of this command.

database [proxy] [ full-write-interval full-write-interval ] [ incremental-write-interval incremental-write-interval ]

no database

Syntax Description

proxy

Enables DHCPv6 proxy binding database write to the system file system.

full-write-interval

Sets the interval for a full file write.

full-write-interval

Full file write interval in minutes. The range is from 0 to 1440. The default value is 10.

incremental-write-interval

Sets the interval for an incremental file write.

incremental-write-interval

Incremental file write interval in minutes. The range is from 0 to 1440. The default value is 1.

Command Default

If the command is executed without the keywords full-write-interval or incremental-write-interval, then the default values of these write intervals are used.

Command Modes

DHCP IPv6 configuration

Command History

Release Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

All instances of the previous files are deleted after a full persistent binding file write.

The files are written to the file system even if DHCP has no bindings. The incremental file is written even if no new bindings are found in the binding table.

The incremental file does not track deleted bindings. If a binding is deleted and then a system reload occurs before the next full file write, then that binding may reappear when the binding table is recovered from the file system. In this case, the user has to reapply the command to delete the binding. If the binding was deleted because of lease expiry, then it is again deleted when the binding table is recovered from the file system.

The selection of the file system to be used is fixed and not configurable. The file cannot be stored to an external system. Only one file system is used, and if access to this file system fails, then the DHCP binding table backup to file system does not function and an error is logged.

Task ID

Task ID Operation

ip-services

read, write

Examples

This example shows how to enable DHCPv6 binding database write to the system persistent memory:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv6
RP/0/RSP0/CPU0:router(config-dhcpv6)# database proxy full-write-interval 15 incremental-write-interval 5

Related Commands

show dhcp ipv6 database

Displays the binding database information for Dynamic Host Configuration Protocol for IPv6 (DHCPv6).

destination (DHCP IPv6)

To specify a destination address to which client messages are forwarded and to enable Dynamic Host Configuration Protocol (DHCP) for IPv6 relay service on the interface, use the destination command in DHCP IPv6 interface relay configuration mode. To remove a relay destination on the interface or delete an output interface for a destination, use the no form of this command.

destination ipv6 address interface-path-id

no destination ipv6 address interface-path-id

Syntax Description

ipv6 address address

IPv6 address in the form documented in RFC 2373, where the address is specified in hexadecimal using 16-bit values between colons.

interface-path-id

Either a physical interface instance or a virtual interface instance as follows:

  • Physical interface instance. Naming notation is rack/slot/module/port and a slash between values is required as part of the notation.
    • rack: Chassis number of the rack.
    • slot: Physical slot number of the modular services card or line card.
    • module: Module number. A physical layer interface module (PLIM) is always 0.
    • port: Physical port number of the interface.
    Note   

    In references to a Management Ethernet interface located on a route processor card, the physical slot number is alphanumeric (RP0 or RP1) and the module is CPU0. Example: interface MgmtEth0/RP1/CPU0/0.

  • Virtual interface instance. Number range varies depending on interface type.

For more information about the syntax for the router, use the question mark (?) online help function.

Command Default

Relay function is disabled and there is no relay destination on the interface.

Command Modes

DHCP IPv6 interface relay configuration

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The destination command specifies a destination address to which client messages are forwarded and enables DHCP for IPv6 relay service on the interface. When relay service is enabled on an interface, a DHCP for IPv6 message received on that interface is forwarded to all configured relay destinations. The incoming DHCP for IPv6 message may have come from a client on that interface, or it may have been relayed by another relay agent.

The relay destination can be a unicast address of a server or another relay agent, or it may be a multicast address. There are the following two types of relay destination addresses:

  • A link-scoped unicast or multicast IPv6 address, for which a user must specify an output interface
  • A global unicast IPv6 address, for which a user can specify an output interface for this kind of address.
  • A global or site-scope multicast IPv6 address, for which a user can specify an output interface for this kind of address if 'mhost ipv6 default-interface' is specified.

If no output interface is configured for a destination, the output interface is determined by routing tables. In this case, it is recommended that a unicast or multicast routing protocol be running on the router.

Multiple destinations can be configured on one interface, and multiple output interfaces can be configured for one destination. When the relay agent relays messages to a multicast address, it sets the hop limit field in the IPv6 packet header to 32.

Unspecified, loopback, and node-local multicast addresses are not acceptable as the relay destination. If any one of them is configured, the message "Invalid destination address" is displayed.

Note that it is not necessary to enable the relay function on an interface for it to accept and forward an incoming relay reply message from servers. By default, the relay function is disabled, and there is no relay destination on an interface. The no form of the command removes a relay destination on an interface or deletes an output interface for a destination. If all relay destinations are removed, the relay service is disabled on the interface.

The DHCP for IPv6 client, server, and relay functions is mutually exclusive on an interface. When one of these functions is already enabled and a user tries to configure a different function on the same interface, one of the following messages is displayed: “Interface is in DHCP client mode,” “Interface is in DHCP server mode,” or “Interface is in DHCP relay mode.”

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following is an example of the destination command on a Packet over Sonet/SDH (POS) interface:

RP/0/RSP0/CPU0:router(config)# dhcp ipv6 
RP/0/RSP0/CPU0:router(config-dhcpv6)# interface pos 0/5/0/0 relay
RP/0/RSP0/CPU0:router(config-dhcpv6-if)# destination 10:10::10

Related Commands

Command

Description

interface (DHCP)

Enables DHCP for IPv6 on an interface.

dhcp ipv4

To enable Dynamic Host Configuration Protocol (DHCP) for IPv4 and to enter DHCP IPv4 configuration mode, use the dhcp ipv4 command in global configuration mode. To disable DHCP for IPv4 and exit the DHCP IPv4 configuration mode, use the no form of this command.

dhcp ipv4

no dhcp ipv4

Syntax Description

This command has no keywords or arguments.

Command Modes

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

Use the dhcp ipv4 command to enter DHCP IPv4 configuration mode.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This example shows how to enable DHCP for IPv4:


RP/0/RSP0/CPU0:router# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)#

dhcp ipv6

To enable Dynamic Host Configuration Protocol (DHCP) for IPv6 and to enter DHCP IPv6 configuration mode, use the dhcp ipv6 command in global configuration mode. To disable the DHCP for IPv6, use the no form of this command.

dhcp ipv6

no dhcp ipv6

Syntax Description

This command has no keywords or arguments.

Command Modes

Global configuration

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Release 4.3.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This example shows how to enable DHCP for IPv6:


RP/0/RSP0/CPU0:router(config)# dhcp ipv6
RP/0/RSP0/CPU0:router(config-dhcpv6)#

dhcp ipv4 none

To disable DHCP snooping on a specific port, use the dhcp ipv4 none command in l2vpn bridge group bridge-domain interface configuration mode.

dhcp ipv4 none

Syntax Description

This command has no keywords or arguments.

Command Default

No default behavior or values

Command Modes

l2vpn bridge group bridge-domain interface configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to disable DHCP snooping on GigabitEthernet interface 0/0/0/0:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface gigabitethernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-if)# dhcp ipv4 none

Related Commands

Command

Description

show dhcp ipv4 snoop binding

Displays DHCP relay agent status specific to a relay profile.

duplicate-mac-allowed

To allow duplicate client MAC addresses across different VLANS and interfaces, use the duplicate-mac-allowed command in the DHCP IPv4 configuration mode. To disallow duplicate client MAC addresses, use the no form of this command.

duplicate-mac-allowed

no duplicate-mac-allowed

Syntax Description

This command has no keywords or arguments.

Command Default

By default, duplicate MAC address support is disabled.

Command Modes

DHCP IPv4 configuration

Command History

Release Modification
Release 4.3.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

DHCPv4 supports duplicate client MAC addresses across different VLANS and interfaces. You can enable duplicate MAC addresses on relay, proxy, server, and snoop DHCP modes. To enable duplicate client MAC addresses, use the duplicate-mac-allowed command in DHCP IPv4 configuration mode.

Do not enable the duplicate-mac-allowed command for mobile subscribers.

Task ID

Task ID Operation
ip-services

read, write

Examples

This examples shows how to allow duplicate client MAC addresses across different VLANS and interfaces, using the duplicate-mac-allowed command:


RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# duplicate-mac-allowed
RP/0/RSP0/CPU0:router(config-dhcpv4)#

Related Commands

Command

Description

dhcp ipv4

Enables Dynamic Host Configuration Protocol (DHCP) for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

To configure how Dynamic Host Configuration Protocol (DHCP) IPv4 Relay processes BOOTREQUEST packets that already contain a nonzero giaddr attribute, use the giaddr policy command in DHCP IPv4 profile relay configuration submode. To restore the default giaddr policy, use the no form of this command.

giaddr policy { replace | drop }

no giaddr policy { replace | drop }

Syntax Description

replace

Replaces the existing giaddr value with a value that it generates.

drop

Drops the packet that has an existing nonzero giaddr value.

Command Default

DHCP IPv4 relay retains the existing nonzero giaddr value in the DHCP IPv4 packet received from a client value .

Command Modes

DHCP IPv4 profile relay configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

The giaddr policy command affects only the packets that are received from a DHCP IPv4 client that have a nonzero giaddr attribute.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to use the giaddr policy command:


RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# giaddr policy drop

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

helper-address

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

helper-address

To configure the Dynamic Host Configuration Protocol (DHCP) IPv4 and IPv6 relay agent to relay BOOTREQUEST packets to a specific DHCP server, use the helper-address command in an appropriate configuration mode. Use the no form of this command to clear the address.

helper-address [ vrf vrf-name ] [ address] [ giaddr gateway-address]

no helper-address [ vrf vrf-name ] [ address] [ giaddr gateway-address]

Syntax Description

vrf-name

(Optional) Specifies the name of a particular VRF.

address

IPv4 and Pv6 address in four part, dotted decimal format.

giaddr gateway-address

Specifies the gateway address to use in packets relayed to server.

Command Default

Helper address is not configured.

Command Modes

DHCP IPv4 profile relay configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Release 4.3.0

The support for IPv6 was added in BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

A maximum of upto eight helper addresses can be configured.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This example shows how to set the helper-address for a VRF using the helper-address command DHCP IPv4 profile relay configuration mode:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# helper-address vrf v1 10.10.10.1

This example shows how to set the helper-address for a VRF using the helper-address command DHCP IPv4 profile proxy configuration mode:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client proxy
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# helper-address vrf v1 10.10.10.1 giaddr 10.10.10.10

Related Commands

Command

Description

dhcp ipv4

Enables Dynamic Host Configuration Protocol (DHCP) for IPv4 and enters DHCP IPv4 configuration mode.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

relay information policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

helper-address (ipv6)

To configure the Dynamic Host Configuration Protocol (DHCP) IPv6 relay agent for prefix delegation to relay DHCP packets to a specific DHCP server, use the helper-address command in the DHCP IPv6 profile configuration submode. Use the no form of this command to clear the address.

helper-address ipv6-address [ interface type interface-path-id ]

no helper-address ipv6-address [ interface type interface-path-id ]

Syntax Description

ipv6-address

The IPv6 address assigned to the interface.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal format using 16-bit values between colons.

interface type

Interface type. For more information, use the question mark (?) online help function.

interface-path-id

(Optional) Either a physical interface instance or a virtual interface instance as follows:

  • Physical interface instance. Naming notation is rack/slot/module/port and a slash between value s is required as part of the notation.
    • rack: Chassis number of the rack.
    • slot: Physical slot number of the modular services card or line card.
    • module: Module number. A physical layer interface module (PLIM) is always 0.
    • port: Physical port number of the interface.
    Note   

    In references to a Management Ethernet interface located on a route processor card, the physical slot number is alphanumeric (RSP0) and the module is CPU0. Example: interface MgmtEth0/RSP0/CPU0/0.

  • Virtual interface instance. Number range varies depending on interface type.

For more information about the syntax for the router, use the question mark (?) online help function.

Command Default

No default behavior or values

Command Modes

DHCP IPv6 profile configuration

Command History

Release Modification
Release 4.1.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Examples

This is a sample output that shows how to set the helper-address using the helper-address command


RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv6
RP/0/RSP0/CPU0:router(config-dhcpv6)# profile p1 proxy
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)# helper-address 2001:db8::3 GigabitEthernet 0/2/0/0 

Related Commands

Command

Description

dhcp ipv6

Enables Dynamic Host Configuration Protocol (DHCP) for IPv6.

interface (DHCP)

To enable Dynamic Host Configuration Protocol (DHCP) for IPv4 on an interface, use the interface command in the appropriate configuration mode. To disable DHCPv4 on an interface, use the no form of the command.

interface type interface-path-id { server | relay }

no interface type interface-path-id { relay | server }

Syntax Description

type

Interface type. For more information, use the question mark (?) online help function.

interface-path-id

Physical interface or virtual interface.

Note   

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark (?) online help function.

relay

Specifies a destination address.

Command Default

None

Command Modes

DHCP IPv4 configuration

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Release 4.3.0

The support for IPv6 was added in BNG.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This is an example of enabling the DHCP interface mode on a Packet over Sonet/SDH (POS) interface using the interface command:

RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# interface POS 0/5/0/0 relay

Related Commands

Command

Description

dhcp ipv4

Enables Dynamic Host Configuration Protocol (DHCP) for IPv4 and enters DHCP IPv4 configuration mode.

profile (DHCP)

To configure a DHCP relay profile, DHCP snooping profile, or a DHCP proxy profile for the Dynamic Host Configuration Protocol (DHCP) IPv4 component and to enter the profile mode, use the profile command in DHCP IPv4 configuration mode. To disable this feature and exit the profile mode, use the no form of this command.

profile name { relay | snoop | proxy }

no profile name { relay | snoop | proxy }

Syntax Description

name

Name that uniquely identifies the relay or snoop profile.

relay

Configures a DHCP relay profile. A DHCP relay agent is a host that forwards DHCP packets between clients and servers. When the clients and servers are not on the same physical subnet, the relay agents are used to forward requests and replies between them.

A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks rather transparently. By contrast, relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface. The relay agent sets the gateway IP address (giaddr field of the DHCP packet) and, if configured, adds the relay agent information option (option82) in the packet and forwards it to the DHCP server. The reply from the server is forwarded back to the client after removing option 82.

The Cisco IOS DHCP relay agent supports the use of unnumbered interfaces, including use of smart relay agent forwarding. For DHCP clients connected through the unnumbered interfaces, the DHCP relay agent automatically adds a static host route once the DHCP client obtains an address, specifying the unnumbered interface as the outbound interface. The route is automatically removed once the lease time expires or when the client releases the address.

snoop

Configures a DHCP snoop profile. DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table.

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch. It does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.

proxy

Configures a DHCP proxy profile.

The DHCP proxy performs all the functions of a relay and also provides some additional functions. The DHCP proxy conceals DHCP server details from DHCP clients. The DHCP proxy modifies the DHCP replies such that the client considers the proxy to be the server. In this state, the client interacts with the proxy as if it is the DHCP server.

The DHCP proxy passes IP configuration information between the client and server. It also keeps track of the client's addresses and lease time. It is used when DHCP client and DHCP server are present on different networks.

Command Default

None

Command Modes

DHCP IPv4 configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.0.0

The proxy keyword was added.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This example shows how to use the profile command for a relay profile:

RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)#


This example shows how to use the profile command for a proxy profile:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile profile1 proxy
RP/0/RSP0/CPU0:router(config-dhcpv4-proxy-profile)#


Related Commands

Command

Description

dhcp ipv4

Enters DHCP IPv4 configuration mode.

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

Configures the DHCP relay agent to relay packets to a specific DHCP server.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

vrf (relay profile)

Specifies a relay profile on a VRF.

relay information authenticate

To specify relay agent information option to the policy plane for authentication purposes, use the relay information authenticate command in the DHCP IPv4 proxy profile configuration mode. To disable the relay option, use the no form of this command.

relay information authenticate { received | inserted }

no relay information authenticate { received | inserted }

Syntax Description

received

Authenticate using received relay agent information option.

inserted

Authenticate using inserted relay agent information option.

Command Default

None

Command Modes

DHCP IPv4 proxy profile configuration

Command History

Release

Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This example shows how to specify the received relay agent information option for authentication using the relay information authenticate command in DHCP IPv4 proxy profile configuration mode:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile myprofile proxy
RP/0/RSP0/CPU0:router(config-dhcpv4-proxy-profile)# relay information authenticate received

Related Commands

Command

Description

dhcp ipv4

Enables Dynamic Host Configuration Protocol (DHCP) for IPv4 and enters DHCP IPv4 configuration mode.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

relay information policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information check

To configure a Dynamic Host Configuration Protocol (DHCP) IPv4 Relay to validate the relay agent information option in forwarded BOOTREPLY messages, use the relay information check command in DHCP IPv4 relay profile configuration submode. To disable this feature, use the no form of this command.

relay information check

no relay information check

Syntax Description

This command has no keywords or arguments.

Command Default

DHCP validates the relay agent information option.

Command Modes

DHCP IPv4 relay profile configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

Examples

This example shows how to use the relay information check command:

RP/0/RSP0/CPU0:router#config 
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information check 

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information option

To configure Dynamic Host Configuration Protocol (DHCP) IPv4 relay or DHCP snooping Relay to insert relay agent information option in forwarded BOOTREQUEST messages to a DHCP server, use the relay information option command in DHCP IPv4 relay profile relay configuration or DHCP IPv4 profile snoop submode. To disable inserting relay information into forwarded BOOTREQUEST messages, use the no form of this command.

relay information option

no relay information option

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes


            DHCP IPv4
            relay
            profile
            relay
            configuration
        

DHCP IPv4 profile snoop configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

The relay information option command automatically adds the circuit identifier suboption and the remote ID suboption to the DHCP relay agent information option.

The relay information option command enables a DHCP server to identify the user (for example, cable access router) sending the request and initiate appropriate action based on this information. By default, DHCP does not insert relay information.

If the information option command is enabled, DHCP snooping mode does not set the giaddr field in the DHCP packet.

The upstream DHCP server or DHCP relay interface must be configured to accept this type of packet using the relay information option allow-untrusted configuration. This configuration prevents the server or relay from dropping the DHCP message.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

Examples

This example shows how to use the relay information option command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information option allow-untrusted

To configure the Dynamic Host Configuration Protocol (DHCP) IPv4 relay or DHCP snooping Relay not to drop discard BOOTREQUEST packets that have the relay information option set and the giaddr set to zero, use the relay information option allow-untrusted command in DHCP IPv4 relay profile configuration submode or DHCP IPv4 profile snoop configuration submode. To restore the default behavior, which is to discard the BOOTREQUEST packets that have the relay information option and set the giaddr set to zero, use the no form of this command.

relay information option allow-untrusted

no relay information option allow-untrusted

Syntax Description

This command has no keywords or arguments.

Command Default

The packet is dropped if the relay information is set and the giaddr is set to zero.

Command Modes


            DHCP IPv4
            relay
            profile
            relay
            configuration
        

DHCP IPv4 profile snoop configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

According to RFC 3046, relay agents (and servers) receiving a DHCP packet from an untrusted circuit with giaddr set to zero but with a relay agent information option already present in the packet shall discard the packet and increment an error count. This configuration prevents the server or relay from dropping the DHCP message.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

Examples

This example shows how to use the relay information option allow-untrusted command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay 
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information option allow-untrusted

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

giaddr policy

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.

relay information policy

To configure how the Dynamic Host Configuration Protocol (DHCP) IPv4 relay processes BOOTREQUEST packets that already contain a relay information option, use the relay information policy command in DHCP IPv4 relay profile configuration submode. To restore the default relay information policy, use the no form of this command.

relay information policy { drop | keep }

no relay information policy { drop | keep }

Syntax Description

drop

Directs the DHCP IPv4 Relay to discard BOOTREQUEST packets with the existing relay information option.

keep

Directs the DHCP IPv4 Relay not to discard a BOOTREQUEST packet that is received with an existing relay information option and to keep the existing relay information option value.

Command Default

The DHCP IPv4 Relay does not discard a BOOTREQUEST packet that has an existing relay information option. The option and the existing relay information option value is replaced.

Command Modes

DHCP IPv4 relay profile configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

basic-services

read, write

Examples

This is sample output from executing the relay information policy command:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay information policy keep

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

helper-address

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

show dhcp ipv4 relay profile

To display Dynamic Host Configuration Protocol (DHCP) relay agent status, use the show dhcp ipv4 relay profile command in EXEC mode.

show dhcp ipv4 relay profile

Syntax Description

This command has no keywords or arguments.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

This command displays the relay profiles created for DHCP IPv4.

Task ID

Task ID

Operations

ip-services

read

Examples

The following is sample output from the show dhcp ipv4 relay profile command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay profile

DHCP IPv4 Relay Profiles
--------------------------
r1
r2

Related Commands

Command

Description

show dhcp ipv4 relay profile name

Displays Dynamic Host Configuration Protocol (DHCP) relay agent status, specific to a relay profile.

show dhcp ipv4 relay profile name

To display Dynamic Host Configuration Protocol (DHCP) relay agent status, specific to a relay profile, use the show dhcp ipv4 relay profile name command in EXEC mode.

show dhcp ipv4 relay profile [ name]

Syntax Description

name

(Optional) Name that uniquely identifies the relay profile.

Command Default

If name is not specified, displays a list of configured DHCP profile names.

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

Examples

The following is sample output from the show dhcp ipv4 relay profile name command:

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay profile name r1

DHCP IPv4 Relay Profile r1:

Helper Addresses:
10.10.10.1, vrf default
Information Option: Disabled
Information Option Allow Untrusted: Disabled
Information Option Policy: Replace
Information Option Check: Disabled
Giaddr Policy: Keep
Broadcast-flag Policy: Ignore

VRF References:
default
Interface References:
FINT0_RSP0_CPU0
MgmtEth0_RSP0_CPU0_0

show dhcp ipv4 relay statistics

To display the Dynamic Host Configuration Protocol (DHCP) IPv4 relay agent packet statistics information for VPN routing and forwarding (VRF) instances, use the show dhcp ipv4 relay statistics command in EXEC mode.

show dhcp [ vrf { vrf-name | default } ] ipv4 relay statistics

Syntax Description

vrf vrf-name

(Optional) Name that uniquely identifies the VRF.

default

(Optional) Displays the relay statistics information for the default VRF.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

Examples

The following is sample output from the show dhcp ipv4 relay statistics command when none of the optional keywords or arguments are used command :

RP/0/RSP0/CPU0:router# show dhcp ipv4 relay statistics

                  Bridge              |      RX       |      TX       |       DR      |
---------------------------------------------------------------------------------------
 default                              |            0  |            0  |            0  |

The following is sample output from the show dhcp ipv4 relay statistics command using the vrf and default keywords:

RP/0/RSP0/CPU0:router# show dhcp vrf default ipv4 relay statistics
Sun Apr 6 07:10:35.873 UTC

DHCP IPv4 Relay Statistics for VRF default:

     TYPE         |    RECEIVE    |    TRANSMIT   |     DROP      |
-------------------------------------------------------------------
DISCOVER          |            0  |            0  |            0  |
OFFER             |            0  |            0  |            0  |
REQUEST           |            0  |            0  |            0  |
DECLINE           |            0  |            0  |            0  |
ACK               |            0  |            0  |            0  |
NAK               |            0  |            0  |            0  |
RELEASE           |            0  |            0  |            0  |
INFORM            |            0  |            0  |            0  |
LEASEQUERY        |            0  |            0  |            0  |
LEASEUNASSIGNED   |            0  |            0  |            0  |
LEASEUNKNOWN      |            0  |            0  |            0  |
LEASEACTIVE       |            0  |            0  |            0  |
BOOTP-REQUEST     |            0  |            0  |            0  |
BOOTP-REPLY       |            0  |            0  |            0  |
BOOTP-INVALID     |            0  |            0  |            0  |

show dhcp ipv4 snoop binding

To show information concerning DHCP snooping bindings, use the show dhcp ipv4 snoop binding command in EXEC mode.

show dhcp ipv4 snoop binding [ mac-address mac-address | summary ]

Syntax Description

mac-address mac- address

(Optional) Displays the details of DHCP snooping client bindings associated with the specified MAC address.

summary

(Optional) displays the total number of DHCP snooping client bindings.

Command Default

Displays brief information about all DHCP snooping client bindings

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

Examples

The following example shows output from the dhcp ipv4 snoop binding command for all MAC addresses:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding
Sun Apr  6 05:58:07.741 UTC

 MAC            IP                         Lease                                       Bridge
 Address        Address         State      Remaining  Interface                        Domain
-------------- --------------- ---------- ---------- -------------------------------- ---------
0000.6402.0102 192.128.0.1     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0103 192.128.0.2     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0104 192.128.0.3     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0105 192.128.0.4     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0106 192.128.0.5     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0107 192.128.0.6     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0108 192.128.0.7     BOUND      2499       Gi0/2/0/20.111                   mgmtEth
0000.6402.0109 192.128.0.8     BOUND      2499       Gi0/2/0/20.111                   mgm:mhd
0000.6402.010a 192.128.0.9     BOUND      2499       Gi0/2/0/20.111                   mgm:mhd
0000.6402.010b 192.128.0.10    BOUND      2499       Gi0/2/0/20.111                   mgm:mhd

The following example shows output from the dhcp ipv4 snoop binding command using the optional summary keyword:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding summary
Sun Apr  6 06:45:03.878 UTC

Number of IPv4 DHCP Snoop bindings: 10

The following example shows output from the dhcp ipv4 snoop binding command using a specific MAC address:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop binding mac-address 0000.6402.0102
Sun Apr  6 06:45:03.878 UTC

MAC Address:         0000.6402.0102
  IP Address:        192.128.0.1
  Client ID:         0064
  Profile:           s1
  State:             BOUND
  Lease (sec):       3600
Remaining (sec):     2833
Bridge Domain:       mgm:mhd
Interface:           GigabitEthernet0/2/0/10.111

Related Commands

Command

Description

clear dhcp ipv4 snoop binding

Clears DHCP snooping bindings.

show dhcp ipv4 snoop statistics

Displays statistics for a specific bridge-domain.

show dhcp ipv6 database

To display the DHCPv6 database state, use the show dhcp ipv6 database command in EXEC mode.

show dhcp ipv6 database [ location node-id]

Syntax Description

locationnode-id

(Optional) Location of a particular IPv4 access list. The node-id argument is entered in the rack/slot/module notation.

Command Default

By default, the database file on the RP node is displayed.

Command Modes

EXEC

Command History

Release Modification
Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read

Examples

This example show how to display the DHCPv6 database state:


RP/0/RSP0/CPU0:router# show dhcp ipv6 database 

Database:
Current file version:                1
Full file:
  write interval:                    10 seconds
  last file name:                    /harddiska:/dhcp/dhcpv6_srpb_1_even
  last write time:                   Apr-02-2010-08:35:47
  write count:                       10
  failed write count:                0
  record count:                      1000
  last write error:                  -
  last write error timestamp:        -
Incremental file:
  write interval:                    1 second
  last file name:                    /harddiska:/dhcp/dhcpv6_srpb_1_odd_inc
  last write time:                   Apr-02-2010-08:34:47
  write count:                       81
  failed write count:                0
  record count:                      373
  last write error:                  -
  last write error timestamp:        -


Related Commands

Command

Description

database

Enables DHCP binding database storage to the file system.

show dhcp ipv6 interface

To display Dynamic Host Configuration Protocol (DHCP) for IPv6 interface information, use the show dhcp ipv6 interface command in EXEC mode.

show dhcp ipv6 interface interface-type interface-instance

Syntax Description

interface-type

Interface type. For more information, use the question mark (?) online help function.

interface-instance

Either a physical interface instance or a virtual interface instance as follows:

  • Physical interface instance. Naming notation is rack/slot/module/port and a slash between values is required as part of the notation.
    • rack: Chassis number of the rack.
    • slot: Physical slot number of the modular services card or line card.
    • module: Module number. A physical layer interface module (PLIM) is always 0.
    • port: Physical port number of the interface.
    Note   

    In references to a Management Ethernet interface located on a route processor card, the physical slot number is alphanumeric (RP0 or RP1) and the module is CPU0. Example: interface MgmtEth0/RP1/CPU0/0.

  • Virtual interface instance. Number range varies depending on interface type.

For more information about the syntax for the router, use the question mark (?) online help function.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 4.1.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

If no interfaces are specified, all interfaces on which DHCP for IPv6 (client or server) is enabled are shown. If an interface is specified, only information about the specified interface is displayed.

Task ID

Task ID

Operations

ip-services

read

Examples

The following is sample output from the show dhcp ipv6 interface command when an interface is not specified:

RP/0/RSP0/CPU0:router# show dhcp ipv6 interface

GigabitEthernet 0/0/0/1 is in relay mode
   Relay destinations:
     2001:eb8:1::1

This table describes the significant fields shown in the display.



Table 1 show dhcp ipv6 interface Command Field Descriptions

Field

Description

GigabitEthernet 0/0/0/1 is in relay mode

Displays whether the specified interface is in relay mode.

Related Commands

Command

Description

interface (DHCP)

Enables DHCP for IPv6 on an interface.

show dhcp ipv4 snoop statistics

To display statistics for a specific bridge domain, use the show dhcp ipv4 snoop statistics command in EXEC mode.

show dhcp ipv4 snoop statistics [ bridge-domain bridge-domain-name ]

Syntax Description

bridge-domain bridge-domain- name

(Optional) Specifies a specific bridge-domain.

Command Default

Displays a table of DHCP snooping receive (RX), transmit (TX), and drop (DR) packet statistics for each bridge domain.

Command Modes

EXEC

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that incoudes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read

Examples

The following shows output from the show dhcp ipv4 snoop statistics command, showing a table of DHCP snooping RX, TX, and DR packet statistics for each bridge domain:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop statistics
Sun Apr  6 05:55:57.524 UTC

              Bridge                          |       RX       |      TX       |       DR      |
------------------------------------------------------------------------------------------------
 mgm:mhd                                      |          964   |          964  |            0  |

The following shows output from the show dhcp ipv4 snoop statistics command, showing a table of DHCP snooping RX, Tx, and Drop packet statistics for a specific bridge domain:

RP/0/RSP0/CPU0:router# show dhcp ipv4 snoop statistics bridge-domain mgm:mhd
Sun Apr  6 05:57:03.600 UTC

DNCP IPv4 Snoop Statistics for Bridge mgm:mhd:

     TYPE         |    RECEIVE    |    TRANSMIT   |     DROP      |
-------------------------------------------------------------------
 DISCOVER         |          111  |          111  |            0  |
 OFFER            |          111  |          111  |            0  |
 REQUEST          |          371  |          371  |            0  |
 DECLINE          |            0  |            0  |            0  |
 ACK              |          371  |          371  |            0  |
 NAK              |            0  |            0  |            0  |
 RELEASE          |            0  |            0  |            0  |
 INFORM           |            0  |            0  |            0  |
 LEASEQUERY       |            0  |            0  |            0  |
 LEASEUNASSIGNED  |            0  |            0  |            0  |
 LEASEUNKNOWN     |            0  |            0  |            0  |
 LEASACTIVE       |            0  |            0  |            0  |
 BOOTP-REQUEST    |            0  |            0  |            0  |
 BOOTP-REPLY      |            0  |            0  |            0  |
 BOOTP-INVALID    |            0  |            0  |            0  |

Related Commands

Command

Description

show dhcp ipv4 snoop binding

Displays details of a specific DHCP snooping profile.

show dhcp ipv6 proxy binding

To display the client bindings for Dynamic Host Configuration Protocol (DHCP) proxy, use the show dhcp ipv6 proxy binding command in EXEC mode.

show dhcp ipv6 proxy binding { detail | duid | interface | interface-id | location | mac-address | remote-id | summary | vrf }

Syntax Description

detail

Displays detailed bindings for proxy.

duid

Displays client bindings for DUID.

interface

Displays client bindings by Interface.

interface-id

Displays client bindings by Interface ID.

location

Specifies the node location.

mac-address

Displays detailed client binding information.

remote-id

Displays client binding by Remote ID.

summary

Displays summary bindings for proxy.

vrf

Displays client bindings by VRF name.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.1.1

This command was introduced.

Release 4.3.0

This command was supported for BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

ip-services

read

Examples

This is a sample output from the show dhcp ipv6 proxy binding command:


RP/0/RSP0/CPU0:router# show dhcp ipv6 proxy binding

Summary:
  Total number of Proxy bindings = 1
Prefix: 2001::/60 (Gi0/0/0/1)
  DUID: 00030001ca004a2d0000
  IAID: 00020001
  lifetime: 2592000
  expiration: Nov 25 2010 16:47

RP/0/RSP0/CPU0:router# show dhcp ipv6 proxy binding summary

Total number of clients: 2

     STATE              |             COUNT            |
                        |     IA-NA     |    IA-PD     |
--------------------------------------------------------
  INIT                  |            0  |           0  |
  SUB VALIDATING        |            0  |           0  |
  ADDR/PREFIX ALLOCATING|            0  |           0  |
  REQUESTING            |            0  |           0  |
  SESSION RESP PENDING  |            2  |           0  |
  ROUTE UPDATING        |            0  |           0  |
  BOUND                 |            0  |           0  |

Related Commands

Command

Description

clear dhcp ipv6 proxy binding

Clears Dynamic Host Configuration Protocol (DHCP) relay bindings for prefix delegation.

show dhcp ipv6 proxy interface

To display the proxy interface information for Dynamic Host Configuration Protocol (DHCP), use the show dhcp ipv6 proxy interface command in EXEC mode.

show dhcp ipv6 proxy interface { type | interface-path-id } { location | location }

Syntax Description

type

Interface type. For more information, use the question mark (?) online help function.

interface-path-id

Physical interface or virtual interface.

Note   

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark ( ? ) online help function.

location

Displays the node location by Interface.

location

Displays the fully qualified location specification of an interface.

Command Default

None

Command Modes

EXEC

Command History

Release Modification
Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

ip-services

read

Examples

This is a sample output from the show dhcp ipv6 proxy interface command:


RP/0/RSP0/CPU0:router# show dhcp ipv6 proxy interface 

Tue Sep  4 19:14:54.056 UTC
Codes: Amb - Ambiguous VLAN, B - Base, R - Relay, P - Proxy,
       SR - Server, S - Snoop, C - Client, INV - Invalid
       CID - Circuit Id, RID - Remote Id, INTF - Interface

Interface              Mode Profile Name                             Amb Lease Limit
------------------------------------------------------------------------------------
BE1.100                P    pxy1                                     No  None
BE1.200                P    pxy1                                     No  None
BE1.250                P    pxy1                                     Yes None
BE1.400                P    pxy1                                     Yes None


trust relay-reply

To configure a DHCP IPv6 profile to enable processing relay-replies, use the trust relay-reply command in DCHP IPv6 profile configuration mode. To restore the interface to the default behavior, use the no form of the command.

trust relay-reply

no trust relay-reply

This command has no keywords or arguments.

Command Default

By default, all interfaces are trusted.

Command Modes

DHCP IPv6 profile configuration

Command History

Release Modification
Release 4.1.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation
ip-services

read, write

Examples

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv6
RP/0/RSP0/CPU0:router(config-dhcpv6)# profile downstream proxy
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)# helper-address ff05::1:3
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)# exit
RP/0/RSP0/CPU0:router(config-dhcpv6)# profile upstream proxy
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)# trust relay-reply

Related Commands

Command

Description

helper-address (ipv6)

Configures the Dynamic Host Configuration Protocol (DHCP) IPv6 relay agent for prefix delegation.

trusted

To configure a DHCP snooping profile to supported trusted sources, use the trusted command in DCHP IPv4 Profile Snoop configuration mode. To restore the interface to the default behavior, us the no form of the command.

trusted

no trusted

Command Default

By default, the DHCP snooping profile is for untrusted sources.

Command Modes

DHCP IPv4 Snoop Profile configuration mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

A bridge port can be configured to be trusted by assigning this DHCP snooping profile to a bridge port or a bridge-domain.

DHCP snooping selectively forwards DHCP DISCOVER and DHCP REQUEST messages to trusted interfaces only, thereby preventing often malicious hosts from seeing the DHCP exchanges.

Task ID

Task ID

Operations

ip-services

read

Examples

The following example shows how to configure the snoop profile named trustedServerProfile to be trusted:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile trestedServerProfile snoop
RP/0/RSP0/CPU0:router(config-dhcpv4-snoop-profile)# trusted

Related Commands

Command

Description

relay information option

Allows the insertion of a DHCP relay agent information option in forwarded BOOTREQUEST messages on a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and giaddr set to zero.

vrf (relay profile)

To configure a relay profile on a VPN routing and forwarding (VRF) instance, use the vrf (relay profile) command in Dynamic Host Configuration Protocol (DHCP) IPv4 configuration mode. To disable this feature, use the no form of this command.

vrf { vrf-name { relay } profile-name | default | all }

no vrf { vrf-name { relay } profile-name | default | all }

Syntax Description

vrf-name

User-defined name for the VRF.

relay

Specifies a relay profile.

profile-name

Specifies a name for the profile.

default

Specifies a profile for the default VRF.

all

Specifies a profile for all VRFs.

Command Default

If default is selected, then the configuration defaults to VRF.

Command Modes

DHCP IPv4 configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to set the relay profile for all VRFs:

RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
RP/0/RSP0/CPU0:router(config-dhcpv4)# vrf all

Related Commands

Command

Description

dhcp ipv4

Enables DHCP for IPv4 and enters DHCP IPv4 configuration mode.

Configures how a relay agent processes BOOTREQUEST messages that already contain a nonzero giaddr attribute.

Configures the DHCP relay agent to relay packets to a specific DHCP Server.

profile (DHCP)

Configures a relay profile for the DHCP IPv4 component.

relay information check

Configures a DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

relay information option

Enables the system to insert a DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server.

relay information option allow-untrusted

Configures the DHCP component to not drop BOOTREQUEST messages that have the relay information option set and the giaddr set to zero.

Configures how a relay agent processes BOOTREQUEST messages that already contain a relay information option.