Figure 23-12 Configuration example where DHCP snooping is performed via a Layer 3
(1) Enabling DHCP snooping
Points to note
Enable DHCP snooping on the entire Switch and configure the following:
Command examples
1.
(config)# ip dhcp snooping
Enables DHCP snooping on the entire Switch.
2.
(config)# vlan 2
(config-vlan)# exit
(config)# ip dhcp snooping vlan 2
Enables DHCP snooping on VLAN ID 2. DHCP snooping is enabled only on the
VLANs that are specified by using this command.
3.
(config)# interface fastethernet 0/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 2
(config-if)# exit
Sets port 0/1 as an access port, and sets VLAN ID 2 as the VLAN containing port 0/1.
switch
Set the VLANs on which DHCP snooping is to be enabled.
Set the port to which a DHCP server is connected as a trusted port.
Set terminal filtering for untrusted ports. This discards packets from terminals
not registered in the DB.
23 DHCP Snooping
421