Enabling DHCP Snooping on the Aggregation Switch - Cisco Catalyst 4500 series Administration Manual

Chapter 53
Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
Switch(config-if)# ip dhcp snooping vlan 555 information option format-type circuit-id string customer-555
Switch(config-if)# interface FastEthernet 2/1
Switch(config-if)# ip dhcp snooping vlan 500 information option format-type circuit-id string customer-500
Switch(config-if)# end
Switch# show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
500,555
DHCP snooping is operational on following VLANs:
500,555
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
   circuit-id default format: vlan-mod-port
   remote-id: switch123 (string)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted     Rate limit (pps)
------------------------   -------     ----------------
FastEthernet5/1            yes         100
  Custom circuit-ids:
    VLAN 555: customer-555
FastEthernet2/1            no          unlimited
  Custom circuit-ids:
    VLAN 500: customer-500
Switch#

The following configuration describes the DHCP snooping configuration steps if routing is defined on
another Catalyst switch (for example, a Catalyst 6500 series switch):

! Trust the uplink gigabit Ethernet trunk port
interface range GigabitEthernet 1/1 - 2
switchport mode trunk
switchport trunk encapsulation dot1q
ip dhcp snooping trust
!
interface VLAN 14
ip address 10.33.234.1 255.255.254.0
ip helper-address 10.5.1.2

Note: If you are enabling trunking on uplink gigabit interfaces, and the above routing configuration is defined
on a Catalyst 6500 series switch, you must configure the "trust" relationship with downstream DHCP
snooping (on a Catalyst 4500 series switch) which adds Option 82. On a Catalyst 6500 series switch, this
task is accomplished with the ip dhcp relay information trusted VLAN configuration command.

Enabling DHCP Snooping on the Aggregation Switch

To enable DHCP snooping on an aggregation switch, configure the interface connecting to a downstream
switch as a snooping untrusted port. If the downstream switch (or a device such as a DSLAM in the path
between the aggregation switch and the DHCP clients) adds DHCP information Option 82 to the DHCP
packets, the DHCP packets are dropped when they arrive on a snooping untrusted port. If you configure

OL_28731-01
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Configuring DHCP Snooping
53-9
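
The drop behavior described under "Enabling DHCP Snooping on the Aggregation Switch" (reported as "Option 82 on untrusted port is not allowed" in the show output) can be modeled offline to check what a tagged packet carries and how an untrusted port treats it. This is an added example, not code from the Cisco guide; the function names are hypothetical, and it assumes the RFC 3046 sub-option codes plus a Cisco-style inner type/length encoding for the circuit-id and remote-id values.

```python
import struct

SUBOPTS = {1: "circuit-id", 2: "remote-id"}          # RFC 3046 sub-option codes

def decode_value(value: bytes):
    # Assumed Cisco inner layout: 1-byte type, 1-byte length, then the payload.
    if len(value) >= 2 and value[1] == len(value) - 2:
        kind, body = value[0], value[2:]
        if kind == 1:                                 # configured string format
            return body.decode("ascii", "replace")
        if kind == 0 and len(body) == 4:              # default vlan-mod-port format
            vlan, mod, port = struct.unpack("!HBB", body)
            return f"vlan {vlan} module {mod} port {port}"
    return value.hex()                                # unknown layout: keep raw hex

def tlvs(data: bytes, dhcp_padding: bool = False):
    """Yield (code, value) pairs, rejecting TLVs that overrun the buffer."""
    i = 0
    while i < len(data):
        code = data[i]
        if dhcp_padding and code == 0:                # pad option, single byte
            i += 1
            continue
        if dhcp_padding and code == 255:              # end option
            return
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV")
        yield code, data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def snooping_verdict(options: bytes, port_trusted: bool):
    """Return (action, decoded Option 82 or None) for one DHCP options field."""
    relay_info = dict(tlvs(options, dhcp_padding=True)).get(82)
    if relay_info is None:
        return "forward", None
    decoded = {SUBOPTS.get(c, c): decode_value(v) for c, v in tlvs(relay_info)}
    return ("forward" if port_trusted else "drop"), decoded

def sub(code: int, kind: int, body: bytes) -> bytes:
    inner = bytes([kind, len(body)]) + body           # helper for constructed samples
    return bytes([code, len(inner)]) + inner

# Constructed sample: DHCPDISCOVER options as tagged by the access switch on this page.
opt82 = sub(1, 1, b"customer-555") + sub(2, 1, b"switch123")
SAMPLE = bytes([53, 1, 1, 82, len(opt82)]) + opt82 + b"\xff"
```

Calling snooping_verdict(SAMPLE, port_trusted=False) returns the drop decision together with the decoded circuit-id and remote-id, which is the information worth logging when client requests vanish at an aggregation port.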
