08-10-2016 12:20 AM - edited 03-10-2019 12:42 AM
I am not quite fond of layer 2 security features as they appear to be simple and easy to understand rather than to implement.
Kindly help me on a layer 2 security query,
We have a single switch network:
External
^
|
|
FW
|
|
Core switch
^
|
|
Inside network with DHCP server
Is it advisable to configure dhcp snooping on a single switch network which also acts as a core switch for the network?
Also please advise how do we configure the same?
08-10-2016 05:31 PM
Hi,
DHCP snooping is normally configured on access switches where clients connect. Do you have clients connected to the Core switch?
Thanks
John
08-10-2016 11:26 PM
Hi John,
Thanks for the reply.
Yes we have clients and IP phones connecting to the same switch. It is a one switch network.
We have a DHCP server configured in the inside, so I just configure the "trusted config" on just that port?
Thanks
08-14-2016 06:16 PM
Hi,
Yes, you can configure dhcp snooping for your clients. I would also recommend configuring arp inspection and port security as well.
Before you configure dhcp snooping and arp inspection, check the IOS version on your switch. I have had some issues with dhcp snooping and arp inspection on 15.0 versions of IOS. 15.0.2.SE9 works fine. I haven't tested the newer 15.0.2.SE10.
Have a look at the following doc on configuration of dhcp snooping:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg/chap8.html
Thanks
John