User Guidelines
To enable DHCP snooping, do the following:
1 Enable DHCP Snooping globally.
2 Enable DHCP Snooping per VLAN.
3 Configure at least one DHCP Snooping trusted port via which the DHCP
server may be reached.
The bindings database populated by DHCP snooping is used by several other
services, including IP source guard and dynamic ARP inspection. DHCP
snooping must be enabled for these services to operate.
Example
The following configuration enables DHCP snooping on VLAN 1 for a switch
connected to a DHCP server over interface gi1/0/4:
console(config)#ip dhcp snooping
console(config)#ip dhcp snooping vlan 1
console(config-if-vlan1)#exit
console(config)#interface gi1/0/4
console(config-if-Gi1/0/4)#ip dhcp snooping trust
ip dhcp snooping binding
Use the ip dhcp snooping binding command to configure a static DHCP
Snooping binding. Use the "no" form of this command to remove a static
binding.
Syntax
ip dhcp snooping binding mac-address vlan vlan-id ip-address interface
interface-id
no ip dhcp snooping binding mac-address
•
mac-address
•
—
vlan-id
The identifier of the VLAN the client is authorized to use.
•
—
ip-address
•
—
interface-id
be an Ethernet interface identifier or a port channel interface identifier.
—
The client's MAC address.
The IP address of the client.
The interface on which the client is authorized. The interface may
Layer 2 Switching Commands
340