DHCP Snooping Configuration Guidelines; Configuring DHCP Snooping on a VLAN - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Configuring DHCP Snooping on a VLAN

The DHCP-snooping binding table contains the MAC address, IP address, lease time in seconds, and
VLAN port information for the DHCP clients on the untrusted ports of a switch. The information that is
contained in a DHCP-snooping binding table is removed from the binding table once its lease expires or
DHCP snooping is disabled in the VLAN.

Note: In software release 8.6(1) and later releases, you can enable DHCP snooping on a per-port basis.

These DHCP messages are used to build the DHCP binding table:
DHCPACK—Adds a new dynamic DHCP binding entry if the binding entry does not already exist.
DHCPNAK—Deletes an existing DHCP binding entry.
DHCPRELEASE—Deletes a dynamic DHCP binding entry if the binding entry exists.
DHCPDECLINE—Deletes a dynamic DHCP binding entry if the binding entry exists.

Each switch maintains a DHCP-snooping binding table for only the local untrusted ports. The table does
not store information about the DHCP-snooping binding table for the hosts that are directly connected
to other switches, and it does not contain information about the hosts that are connected through a trusted
port. A trusted port has an entity, such as a relay agent or DHCP server, that is directly connected or is
the forwarding path to such an entity. Any path to a relay agent or DHCP server should be trusted.

DHCP Snooping Configuration Guidelines

This section describes the guidelines for configuring DHCP snooping in your network:
In software release 8.6(1) and later releases, you can enable DHCP snooping on a per-port basis.
If you do a non-high availability switchover with DHCP snooping enabled, you will lose the contents of the DHCP-snooping binding table. We do not recommend using this configuration.
DHCP snooping is supported on the Policy Feature Card (PFC) and later versions.
The DHCP-snooping binding table is limited to 16,384 entries. Once the limit is reached, no new entries can be added until the lease time is reached on the older entries.
802.1X-DHCP and DHCP snooping are mutually exclusive. You should not configure a VLAN for both 802.1X-DHCP and DHCP snooping. If you configure both 802.1X and DHCP snooping in your ACL, the feature that is positioned higher up in the ACL overrides the other feature.
We recommend that you enable high availability when using dynamic ARP inspection (DAI), DHCP snooping, and IP source guard. If high availability is not enabled, the clients have to renew their IP addresses for these features to work after a switchover. For configuration details on DAI, see the "Dynamic ARP Inspection" section on page 15-39.

Configuring DHCP Snooping on a VLAN

Typically, DHCP snooping is used at the access-level network, such as a wiring closet. When you enable
DHCP snooping on a VLAN, it builds a table of IP addresses to MAC-address bindings for the DHCP
clients on that VLAN.

Note: In software release 8.6(1) and later releases, you can enable DHCP snooping on a per-port basis.

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7 (OL-8978-04), Chapter 33: Configuring DHCP Snooping and IP Source Guard
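
The binding-table rules on this page (which DHCP messages add or delete an entry, lease expiry, removal when snooping is disabled in a VLAN, the trusted-port exclusion and the entry limit) can be modelled in a few lines of Python. This is an added example, not Cisco code and not part of the manual; the (MAC, VLAN) key, the `matches` check, and the sample addresses and port names are assumptions made for illustration.

```python
# Added illustration (not Cisco code): a toy model of the binding-table rules.
MAX_ENTRIES = 16384  # table limit stated in the guidelines

class BindingTable:
    def __init__(self, trusted_ports=(), max_entries=MAX_ENTRIES):
        self.trusted = set(trusted_ports)
        self.max_entries = max_entries
        self.entries = {}  # assumption: (client MAC, VLAN) -> (IP, lease end, port)

    def expire(self, now):
        """Drop every binding whose lease has run out."""
        self.entries = {k: v for k, v in self.entries.items() if v[1] > now}

    def disable_vlan(self, vlan):
        """Disabling snooping in a VLAN removes that VLAN's bindings."""
        self.entries = {k: v for k, v in self.entries.items() if k[1] != vlan}

    def handle(self, msg, mac, ip, vlan, port, lease=0, now=0):
        """Apply one snooped message for the client on `port`; True if the table changed."""
        self.expire(now)
        if port in self.trusted:
            return False  # hosts reached through trusted ports are not recorded
        key = (mac, vlan)
        if msg == "DHCPACK":
            if key in self.entries or len(self.entries) >= self.max_entries:
                return False  # already bound, or table full until a lease expires
            self.entries[key] = (ip, now + lease, port)
            return True
        if msg in ("DHCPNAK", "DHCPRELEASE", "DHCPDECLINE"):
            return self.entries.pop(key, None) is not None
        return False

    def matches(self, mac, ip, vlan, port, now):
        """Compare a (MAC, IP, VLAN, port) tuple with the table, as a dependent check would."""
        self.expire(now)
        entry = self.entries.get((mac, vlan))
        return entry is not None and (entry[0], entry[2]) == (ip, port)

def demo():
    # Constructed sample data; the limit is set to 2 so the "table full" case shows.
    t = BindingTable(trusted_ports={"1/1"}, max_entries=2)
    a, b, c = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
    t.handle("DHCPACK", a, "192.0.2.10", 10, "3/1", lease=60, now=0)
    t.handle("DHCPACK", b, "192.0.2.11", 10, "3/2", lease=600, now=0)
    full = t.handle("DHCPACK", c, "192.0.2.12", 10, "3/3", lease=600, now=30)
    retry = t.handle("DHCPACK", c, "192.0.2.12", 10, "3/3", lease=600, now=61)
    spoof = t.matches(c, "192.0.2.11", 10, "3/3", now=62)  # c claims b's address
    released = t.handle("DHCPRELEASE", b, "192.0.2.11", 10, "3/2", now=63)
    return full, retry, spoof, released, sorted(v[0] for v in t.entries.values())
```

In `demo()`, the third client is refused while the table is full and is accepted only after the first client's 60-second lease has expired, which is the behaviour the 16,384-entry guideline describes at scale.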

This manual is also suitable for: Catalyst 6506, Catalyst 6509, Catalyst 6513
