Enabling Dhcp Snooping And Option 82 - Cisco IE 3000 Software Configuration Manual

Chapter 20 Configuring DHCP Features
To disable the DHCP server and relay agent, use the no service dhcp global configuration command.
See the "Configuring DHCP" section of the "IP Addressing and Services" section of the Cisco IOS IP
Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS
Software > 12.2 Mainline > Configuration Guides for these procedures:
•
•

Enabling DHCP Snooping and Option 82

Beginning in privileged EXEC mode, follow these steps to enable DHCP snooping on the switch:
Command
Step 1 configure terminal
Step 2
ip dhcp snooping
Step 3 ip dhcp snooping vlan vlan-range
Step 4
ip dhcp snooping information option
Step 5 ip dhcp snooping information option
allow-untrusted
Step 6 interface interface-id
Step 7 ip dhcp snooping trust
Step 8 ip dhcp snooping limit rate rate
Step 9 exit
OL-13018-01
Checking (validating) the relay agent information
Configuring the relay agent forwarding policy
Purpose
Enter global configuration mode.
Enable DHCP snooping globally.
Enable DHCP snooping on a VLAN or range of VLANs. The range is 1
to 4094.
You can enter a single VLAN ID identified by VLAN ID number, a series
of VLAN IDs separated by commas, a range of VLAN IDs separated by
hyphens, or a range of VLAN IDs separated by entering the starting and
ending VLAN IDs separated by a space.
Enable the switch to insert and remove DHCP relay information
(option-82 field) in forwarded DHCP request messages to the DHCP
server. This is the default setting.
(Optional) If the switch is an aggregation switch connected to an edge
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
The default setting is disabled.
Note
Specify the interface to be configured, and enter interface configuration
mode.
(Optional) Configure the interface as trusted or untrusted. You can use the
no keyword to configure an interface to receive messages from an
untrusted client. The default setting is untrusted.
(Optional) Configure the number of DHCP packets per second that an
interface can receive. The range is 1 to 2048. By default, no rate limit is
configured.
Note
Return to global configuration mode.
Enter this command only on aggregation switches that are
connected to trusted devices.
We recommend an untrusted rate limit of not more than 100
packets per second. If you configure rate limiting for trusted
interfaces, you might need to increase the rate limit if the port is
a trunk port assigned to more than one VLAN on which DHCP
snooping is enabled.
Cisco IE 3000 Switch Software Configuration Guide
Configuring DHCP Features
20-9