352 Views | 0 Helpful | 3 Replies

DHCP snooping

emilyharris
Level 1

I apologize for the swarm of questions, but we're getting ready for a major upgrade and I'm just trying to get some clarification on a few things.

DHCP snooping we've tested on 3550s, and it works great locally. We then figured out, in installation, that the switch where the DHCP server resides (across the network) also needed DHCP snooping enabled. In other words, with the DHCP server on a different VLAN, the switch with the DHCP server also needed trusted/untrusted configuration.

Is it therefore safe to say, given anyone's experience in these matters, that with IP DHCP snooping, the feature MUST be enabled on every switch between the requesting client and the DHCP server?

FYI, I've gone through the "configuring DHCP snooping and IP source guard" document, and only find examples limited to one switch (where client and server are on the same device).

Thank you!

3 Replies

tarun209
Level 1

Hi

I hope the below link helps you out

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm

Thanks & Regards

Tarun G

Thanks, Tarun - but it isn't that helpful. The issue is that on the access layer, we have a 48-port switch, and way down through copper, fiber, and the router, we have the DHCP server. We need DHCP snooping to ensure that the client over on the switch only gets a DHCP address from the server across the network, and a mistakenly-plugged-in device will not disrupt DHCP operations for a whole VLAN.

So do I need dhcp snooping on the local switch, AND the router, and all the switches in between?

Hi Emil,

As far as I am aware, it should be done on the local switch and not on all the switches in between. By this I mean the DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch.

HTH

Ankur
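The trusted/untrusted filtering and binding-table behaviour described in this thread, as an added, constructed model (not code from Cisco or from anyone in the thread): each snooping-enabled switch drops server messages (OFFER/ACK/NAK) that arrive on an untrusted port, checks that the client MAC inside the DHCP payload matches the frame's source MAC, and builds a binding entry for the untrusted client port only when the DHCPACK comes in through a trusted port. Port names, MAC addresses and IP addresses are constructed sample values; the last case shows what happens on a switch whose uplink toward the server was not marked trusted.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # valid only when received on a trusted port

@dataclass
class DhcpPkt:
    msg: str          # DHCP message type
    chaddr: str       # client MAC carried inside the DHCP payload
    src_mac: str      # Ethernet source MAC of the frame
    yiaddr: str = ""  # address offered/assigned (OFFER/ACK)
    vlan: int = 10

@dataclass
class SnoopingSwitch:
    """Constructed model of one switch with 'ip dhcp snooping' enabled."""
    name: str
    trusted: set = field(default_factory=set)     # ports with 'ip dhcp snooping trust'
    pending: dict = field(default_factory=dict)   # chaddr -> untrusted client port
    bindings: dict = field(default_factory=dict)  # chaddr -> (ip, vlan, port)

    def inspect(self, pkt: DhcpPkt, in_port: str) -> str:
        """Return 'forward' or 'drop' for one DHCP packet arriving on in_port."""
        if in_port in self.trusted:
            # Server replies are accepted only here; a DHCPACK completes the
            # binding for the client port that sent the matching REQUEST.
            if pkt.msg == "ACK" and pkt.chaddr in self.pending:
                self.bindings[pkt.chaddr] = (pkt.yiaddr, pkt.vlan, self.pending.pop(pkt.chaddr))
            return "forward"
        if pkt.msg in SERVER_MSGS:
            return "drop"  # server message from an untrusted port: rogue server
        if pkt.src_mac != pkt.chaddr:
            return "drop"  # MAC-address verification: chaddr must match frame source
        if pkt.msg == "REQUEST":
            self.pending[pkt.chaddr] = in_port
        return "forward"

def access_switch_scenario() -> dict:
    """Client on Gi0/5 (untrusted); uplink Gi0/48 trusted toward the server."""
    sw = SnoopingSwitch("access-3550", trusted={"Gi0/48"})
    client, server, rogue = "00:11:22:33:44:55", "00:00:5e:00:53:01", "aa:bb:cc:dd:ee:ff"
    r = {"request": sw.inspect(DhcpPkt("REQUEST", client, client), "Gi0/5")}
    # A mistakenly plugged-in DHCP server answering on an access port
    r["rogue_offer"] = sw.inspect(DhcpPkt("OFFER", client, rogue, "192.0.2.9"), "Gi0/5")
    # The real server's reply arrives via the trusted uplink and creates a binding
    r["ack"] = sw.inspect(DhcpPkt("ACK", client, server, "10.10.10.20"), "Gi0/48")
    r["binding"] = sw.bindings.get(client)
    # Same uplink left untrusted: even the legitimate ACK is dropped
    untrusted = SnoopingSwitch("no-trust")
    r["ack_untrusted"] = untrusted.inspect(DhcpPkt("ACK", client, server, "10.10.10.20"), "Gi0/48")
    return r
```

The resulting binding tuple is what `show ip dhcp snooping binding` would list for the client port; the `ack_untrusted` case is the symptom seen when a switch on the path has snooping enabled but no trusted port facing the server.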