09-08-2023 09:43 PM
Hi Community,
I need to configure DHCP snooping on a switch and I have these commands:
globally:
ip dhcp snooping
ip dhcp snooping vlan 10,20
per interface:
ip dhcp snooping trust
But there is a problem: I can set "ip dhcp snooping trust" on an interface, knowing that this host is a user, but what happens if that user enables DHCP? Then he will be able to assign IPs to the other hosts. Faced with this problem, how can I fine-tune my DHCP snooping configuration?
Please support me by providing recommendations.
09-09-2023 12:00 AM
@Electronic20 hi, check the link below for a DHCP snooping guide. Ports which are connected to the DHCP server and trunk ports need to be configured as trust ports. Do not configure client-connected interfaces as trust.
09-09-2023 12:06 AM
Of course, this is how the configuration should be, but I had a case with some switches that I configured as you indicate, and the client ports did not obtain an IP through DHCP. I had to put "ip dhcp snooping trust" so that they could only obtain DHCP.
Why could that have happened?
09-09-2023 03:17 AM
@Electronic20 maybe the VLANs of those interfaces are not properly configured on snooping. Can you share the config related to VLANs, snooping and trunks here?
09-09-2023 11:10 AM
Hi @Kasun Bandara,
I send the configuration:
ip dhcp snooping
ip dhcp snooping vlan 10,20
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
spanning-tree portfast edge
ip dhcp snooping trust
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
ip dhcp snooping trust
At the connectivity and VLAN level, everything is in accordance.
As additional information, I am testing it in a simulator.
Your kind comment.
09-09-2023 07:41 PM
@Electronic20 for interface GigabitEthernet0/2, you don't need the trust command. I assume that is connected to a PC. Which port is connected to the DHCP server?
09-10-2023 08:30 AM
Hi, @Kasun Bandara
Server DHCP
interface GigabitEthernet0/10
switchport access vlan 30
switchport mode access
ip dhcp snooping trust
As I indicated, I must put "ip dhcp snooping trust" on the user interface so that it can obtain an IP. I'm simulating it in EVE-NG.
Why is this happening? I see that all the configuration is fine.
09-10-2023 07:08 PM
@Electronic20 hi, check the guide below, which has a good explanation. In that case this may be an issue with your simulation. Try some other tool like GNS3.
The trust command is only to be used with the DHCP server interface.
https://www.pearsonitcertification.com/articles/article.aspx?p=2474170
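The advice in this thread (trust only the DHCP server port and trunk ports, and make sure the client VLANs are covered by snooping) can be checked against a saved configuration. The script below is an added example, not part of the original posts and not a Cisco tool; `audit`, `expand_vlans`, `server_ports` and the sample text are assumptions, with the sample constructed from the config fragments posted above.

```python
import re

# Constructed sample, assembled from the config fragments posted in this thread.
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
 ip dhcp snooping trust
interface GigabitEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
interface GigabitEthernet0/10
 switchport access vlan 30
 switchport mode access
 ip dhcp snooping trust
"""

def expand_vlans(text):  # '10,20,30-32' -> {10, 20, 30, 31, 32}
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, server_ports=()):
    """Return (interface, finding) pairs; server_ports is supplied by the operator."""
    snooped, ports, cur = set(), {}, {}  # cur is a scratch dict until the first interface
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", line):
            snooped |= expand_vlans(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", line):
            cur = ports.setdefault(m.group(1), {"mode": None, "vlan": 1, "trust": False})
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            cur["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["vlan"] = int(m.group(1))
        elif line == "ip dhcp snooping trust":
            cur["trust"] = True
    findings = []
    for name, p in ports.items():
        if p["mode"] != "access":
            continue  # trunk ports are trusted, per the advice in this thread
        if p["trust"] and name not in server_ports:
            findings.append((name, "trusted access port is not a listed DHCP server port"))
        if p["vlan"] not in snooped:
            findings.append((name, f"VLAN {p['vlan']} is not in 'ip dhcp snooping vlan'"))
    return findings
```

Called as `audit(SAMPLE, server_ports=("GigabitEthernet0/10",))`, it flags GigabitEthernet0/2 as a trusted client port and reports that the server port's VLAN 30 is outside the snooping VLAN list.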
09-13-2023 07:40 PM
Thank you @Kasun Bandara