Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What is DHCP snooping database and when is it being used in EX-series Ethernet Switches?



Article ID: KB10961 KB Last Updated: 30 Jul 2020Version: 5.0

Dynamic Host Configuration Protocol (DHCP) allocates IP addresses dynamically, “leasing” addresses to devices so that the addresses can be reused when no longer needed. DHCP snooping database is often referred by many security features in EX switches, such as port security, DHCP, DAI and MAC limiting. The information below explains the content of the table and the CLI command to display the table content.


DHCP snooping reads the lease information from the switch (which is a DHCP client) and from this information creates the DHCP snooping database. This database is a mapping between IP address and VLAN-MAC pair. For each VLAN-MAC address pair, the database stores the corresponding IP address.

The JUNOS software creates a DHCP snooping information table that displays the content of the DHCP snooping database. The table shows current MAC address-IP address bindings, as well as lease time, type of binding, names of associated VLANs, and associated interface. To view the table, use the command 'show dhcp snooping binding' at the operational mode prompt.

The example below shows a table with 3 entries with corresponding MAC address and IP address, the leasing time in seconds, type of binding (dynamic), the associated VLAN (employee—vlan) and associated interface.

user@switch> show dhcp snooping binding
DHCP Snooping Information:
MAC Address      IP Address Lease  Type   VLAN   Interface
----------------- ---------- ----- ---- ---- ---------
00:05:85:3A:82:77 600 dynamic employee—vlan ge-0/0/1.0
00:05:85:3A:82:79 653 dynamic employee—vlan ge-0/0/1.0
00:05:85:3A:82:80 720 dynamic employee—vlan ge-0/0/2.0

Modification History:
2020-07-30: Added link for reference to the command mentioned in the KB

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search