Netgear M4300-52G (GSM4352S) - Stackable Managed Switch with 48x1G and 4x10G including 2x10GBASE-T and 2xSFP+ Layer 3 Administrator Guide

Security Management 
344
Managed Switches 
2. Enable logging of the DHCP messages that the DHCP Snooping application filters on port 1/0/27.

(Netgear Switch) (Interface 1/0/27)#ip dhcp snooping log-invalid

3. Display the buffered logging output and search for “DHCP packet: op Reply” so you can determine the IP address and MAC address of the rogue DHCP server.

(Netgear Switch) #show logging buffered
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1777) 1112 %%
DHCP packet: op Reply, htype 1, hlen 6, hops 0, xid 3478478447, secs 0, ciaddr
0.0.0.0, yiaddr 10.100.4.14, server 10.100.5.253, giaddr 0.0.0.0, chaddr
6C:B0:CE:19:AE:3D.
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1735) 1111 %% IP
packet: ver/hlen 0x45, tos 0, len 299, id 0, flags/offset   00, ttl 64, proto 17,
src 10.100.5.253, dst 255.255.255.255.
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1702) 1110 %%
Ethernet header: dest FF:FF:FF:FF:FF:FF, src 00:26:F2:F6:B3:6C, type/len 0x8100.
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_main.c(2596) 1109 %%
DHCP snooping dropping DHCP server message received on untrusted interface 1/0/27 on
vlan 1. This message appears when DHCP Snooping untrusted port drops the DHCP Server
message.

In the previous example, the IP address of the DHCP server is 10.100.5.253 and the MAC address is 00:26:F2:F6:B3:6C.

Web Interface: Find a Rogue DHCP server

1. Check the statistics on the untrusted ports:
a. Select Security > Control > DHCP Snooping > Statistics.
A screen similar to the following displays.
b. Determine if messages in the DHCP Server Msgs Rec’d column increase for any port.
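
Added example, not part of the Netgear guide: a Python parser that automates the CLI search in step 3. It rejoins the wrapped `show logging buffered` lines and reports, for each DHCP server message dropped on an untrusted port, the sender's MAC address, source IP address and the address it offered. The function and field names are illustrative, and grouping records by ascending sequence number is an assumption drawn from the sample output on this page, which is embedded as input.

```python
import re

# `show logging buffered` output copied from this page, line wraps kept.
SAMPLE = """\
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1777) 1112 %%
DHCP packet: op Reply, htype 1, hlen 6, hops 0, xid 3478478447, secs 0, ciaddr
0.0.0.0, yiaddr 10.100.4.14, server 10.100.5.253, giaddr 0.0.0.0, chaddr
6C:B0:CE:19:AE:3D.
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1735) 1111 %% IP
packet: ver/hlen 0x45, tos 0, len 299, id 0, flags/offset   00, ttl 64, proto 17,
src 10.100.5.253, dst 255.255.255.255.
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1702) 1110 %%
Ethernet header: dest FF:FF:FF:FF:FF:FF, src 00:26:F2:F6:B3:6C, type/len 0x8100.
<12> Jan  1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_main.c(2596) 1109 %%
DHCP snooping dropping DHCP server message received on untrusted interface 1/0/27 on
vlan 1. This message appears when DHCP Snooping untrusted port drops the DHCP Server
message.
"""

REC = re.compile(r"<\d+> (\w+ +\d+ [\d:]+) \S+ DHCP_SNP\[\d+\]: \S+ (\d+) %% (.*)")
DROP = re.compile(r"dropping DHCP server message received on untrusted interface (\S+) on vlan (\d+)")
FIELDS = {  # field name -> pattern over the packet dump records
    "server_mac": re.compile(r"Ethernet header: .*?src ([0-9A-Fa-f:]{17})"),
    "server_ip": re.compile(r"IP packet: .*?src ([\d.]+)"),
    "offered_ip": re.compile(r"DHCP packet: op Reply,.*?yiaddr ([\d.]+)"),
}

def unwrap(text):
    """Rejoin wrapped lines; a record starts with a syslog priority such as <12>."""
    records = []
    for line in text.splitlines():
        if re.match(r"<\d+> ", line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return [" ".join(r.split()) for r in records]

def rogue_servers(text):
    """Return one dict per dropped DHCP server message with the sender's details."""
    parsed = [m.groups() for m in map(REC.match, unwrap(text)) if m]
    events = []
    # Assumed from the sample: drop notice has the lowest seq, packet dumps follow.
    for ts, _seq, msg in sorted(parsed, key=lambda r: int(r[1])):
        if m := DROP.search(msg):
            events.append({"time": ts, "port": m[1], "vlan": int(m[2])})
        for name, pattern in FIELDS.items():
            if events and (m := pattern.search(msg)):
                events[-1][name] = m[1]
    return events
```

Calling `rogue_servers()` on a saved copy of the buffered log returns one entry per dropped server message, so repeated entries with the same `server_mac` on one port point to the device to trace.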