
Clearing Ip-security dhcp-snooping violation list

Walt_Witkowski
New Contributor II

I am not able to clear the violation entry. I've tried "clear ip-security dhcp-snooping entries vlan STUDENT_ITTSTAFF_849" and "clear ip-security dhcp-snooping entries STUDENT_ITTSTAFF_849 ports 5". Neither works.

M_RM_4277_SW_TES_EX.dccc.edu.40 # clear ip-security dhcp-snooping entries vlan STUDENT_ITTSTAFF_849
M_RM_4277_SW_TES_EX.dccc.edu.41 # show ip-security dhcp-snooping violations STUDENT_ITTSTAFF_849
------------------------------------
Port Violating MAC
------------------------------------
5 c0:3e:ba:4c:47:64

1 ACCEPTED SOLUTION

Gabriel_G
Extreme Employee

I think that clearing 'entries' is not the same as clearing 'violations'.

"clear ip-security dhcp-snooping entries vlan STUDENT_ITTSTAFF_849" will clear the info in "show ip-security dhcp-snooping entries vlan STUDENT_ITTSTAFF_849".

However, I don't see a similar command to clear the violations in "show ip-security dhcp-snooping violations STUDENT_ITTSTAFF_849"

Is this causing an issue for your use case or is the command/output just confusing?


4 REPLIES

Stefan_K_
Valued Contributor

Hi!

Your first command is the correct one. Does disabling and re-enabling the port help?

What if you disable the port, issue your commands, and re-enable it? Maybe there is still DHCP traffic seen on that port?

And some further questions:
Is this the first time that you see this issue? Did you just recently configure DHCP-Snooping or was it running fine for a long time? 

This is an x460, code ExtremeXOS version 31.6.2.1.

This is a test switch that we are configuring before mass deployment to the existing network.

1) I removed the test device from port 5, so there is no link on port 5 now.
2) Disabled the port.
3) Ran the clear commands.
4) Ran the show violations cmd -- the violating MAC and port are still there.

Any other suggestions welcomed. 

Once the port is placed in the violations list 

show ip-security dhcp-snooping violations STUDENT_ITTSTAFF_849
Port             Violating MAC
5               c0:3e:ba:4c:47:64

The only way I found to remove it was to "disable ip-security dhcp-snooping vlan STUDENT_ITTSTAFF_849 port 5".

Of course the port would have to be enabled again.

 
