Solved: Cisco 892 DHCP snooping not blocking DHCP offers from untrusted ports

Sam Brynes · ‎12-10-2019

I have a Cisco 892 running version 15.7(3)M4a.

I configured DHCP snooping on it. I have a trunk on the Cisco 892 configured as an uplink to a Cisco layer 3 switch that is acting as a DHCP server, and I have a Windows box connected to an access port to the Cisco 892. The VLAN assigned to the Windows box is included and allowed (and not pruned) on the trunk uplink to the Cisco layer 3 switch.

I expected not to be able to get an IP via DHCP on my Windows box after configuring DHCP snooping because I don't have the trunk port to the Cisco layer 3 switch configured as trusted, but my Windows box still gets an IP.

Does anyone have any ideas on why DHCP snooping would not be blocking DHCP offer packets on the uplink to the Cisco layer 3 DHCP server without configuring it as a trusted port?

Georg Pauwen · ‎12-11-2019

Hello,

Cisco 800 routers do not support DHCO snooping, the commands might be available, but they don't take effect.

https://www.cisco.com/c/en/us/td/docs/routers/access/800/software/configuration/guide/SCG800Guide/SCG800_Guide_BookMap_chapter_01110.html#con_1052848

View solution in original post

Georg Pauwen · ‎12-11-2019

Hello,

Cisco 800 routers do not support DHCO snooping, the commands might be available, but they don't take effect.

https://www.cisco.com/c/en/us/td/docs/routers/access/800/software/configuration/guide/SCG800Guide/SCG800_Guide_BookMap_chapter_01110.html#con_1052848