show ip dhcp snooping binding
Displays the DHCP snooping binding database, which maps client MAC addresses to leased IP addresses, VLANs, and interfaces, used to verify DHCP snooping entries and detect unauthorized DHCP activity.
show ip dhcp snooping bindingWhen to Use This Command
- Verify that a legitimate client has received an IP address via DHCP and is bound in the snooping database.
- Troubleshoot connectivity issues caused by missing or incorrect DHCP snooping bindings.
- Audit the network for unauthorized DHCP servers or rogue clients by inspecting the binding table.
- Confirm that a static binding (ip dhcp snooping binding) has been added correctly.
Command Examples
Basic show ip dhcp snooping binding
show ip dhcp snooping bindingMacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- 00:1A:2B:3C:4D:5E 192.168.1.10 86300 dhcp-snooping 10 GigabitEthernet0/1 00:1B:2C:3D:4E:5F 192.168.1.11 86100 dhcp-snooping 10 GigabitEthernet0/2 Total number of bindings: 2
MacAddress: Client MAC address. IpAddress: Leased IP address. Lease(sec): Remaining lease time in seconds. Type: 'dhcp-snooping' for dynamic bindings, 'static' for manually configured. VLAN: VLAN ID where client resides. Interface: Switch port connected to client. Total number of bindings: Count of all entries.
Show with specific VLAN filter
show ip dhcp snooping binding vlan 20MacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- 00:2A:3B:4C:5D:6E 192.168.2.10 43200 dhcp-snooping 20 GigabitEthernet0/5 Total number of bindings: 1
Filters output to show only bindings in VLAN 20. Useful for isolating issues in a specific VLAN.
Understanding the Output
The output lists each DHCP snooping binding entry. The MacAddress column shows the client's MAC address. IpAddress is the IP address assigned by the DHCP server. Lease(sec) indicates remaining lease time; a low value may indicate a lease about to expire. Type distinguishes dynamic (dhcp-snooping) from static bindings. VLAN and Interface identify the client's location. A missing binding for a known client suggests DHCP snooping is not learning properly, possibly due to untrusted ports or disabled snooping. An unexpected binding could indicate a rogue device. The total count helps quickly assess the size of the binding table.
CCNA Exam Tips
CCNA exam may ask what command verifies that a client has received an IP address via DHCP snooping — answer: show ip dhcp snooping binding.
Remember that only DHCPACK messages create bindings; DHCPOFFER or DHCPREQUEST do not.
Static bindings (ip dhcp snooping binding) appear with Type 'static' and are used for devices that require fixed IPs.
If a binding is missing, check that the interface is trusted for DHCP snooping (no ip dhcp snooping trust) or that snooping is enabled globally and per VLAN.
Common Mistakes
Assuming that show ip dhcp snooping binding shows all DHCP activity; it only shows successful DHCPACK bindings.
Forgetting to enable DHCP snooping globally and per VLAN before expecting bindings to appear.
Confusing the output with show ip dhcp snooping (which shows snooping configuration and statistics, not bindings).
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions