10-25-2009 07:00 PM - edited 03-04-2019 06:29 AM
Hi,
We have a Windows DHCP server running on the existing LAN setup consisting of many L2 and L3 switches. Switches are connected to each other by trunks. We are planning to configure a DHCP server on each switch separately. I need to make sure that once a switch is configured as a DHCP server, all hosts connected to that switch will get an IP address only from that switch. Even if by some chance any host gets an IP from the Windows DHCP server, it will be in a different subnet and it will not be able to communicate with any other device. For that I need to configure DHCP snooping on the trunk port in such a way that it will "NOT accept" any DHCP replies, in our case replies from the Windows DHCP server. In the normal case DHCP replies are accepted only from trunk ports, but in our case it is exactly the opposite.
Please share the experience.
Any link on cisco.com would be highly appreciated.
Thanks in advance.
Subodh
10-26-2009 12:59 AM
Hello Subodh,
>> We are planning to configure DHCP server on each switch separately
Well, let me say this is quite uncommon; centralized DHCP servers have their advantages.
I guess you are in the middle of an address plan migration.
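I would consider using ip address secondary on the default gateways and resizing the current DHCP scopes.
However, if you enable DHCP snooping, it is enough to leave the trunk port untrusted (that is the default) to block DHCP server activity.
See:
interface range GigabitEthernet 1/1 - 2
 ! set the encapsulation first; platforms that also support ISL reject "mode trunk" while it is still negotiated
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! >>> the relevant line: the trunk stays untrusted, so DHCP server replies arriving on it are dropped
 no ip dhcp snooping trust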
Hope to help
Giuseppe
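As an added example (not part of Giuseppe's reply): the interface-level setting above only has an effect once DHCP snooping is enabled globally and for the client VLANs. The VLAN IDs 10 and 20 are assumed placeholders; the interface range is the one from the reply.

```cisco
! Global configuration: turn DHCP snooping on, then enable it per client VLAN.
! VLAN IDs 10 and 20 are placeholders for the access VLANs served by this switch.
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
! Trunks toward the rest of the LAN (where the Windows DHCP server lives).
interface range GigabitEthernet 1/1 - 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Untrusted is the default state; stated explicitly so the intent is visible
 ! in the running configuration review.
 no ip dhcp snooping trust
!
! Verification from exec mode:
!   show ip dhcp snooping           <- enabled VLANs and per-interface trust state
!   show ip dhcp snooping binding   <- leases learned on the snooped VLANs
```

In the `show ip dhcp snooping` output, the trunk interfaces should not appear as trusted, and the client VLANs should be listed as operational.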