Configure DHCP snooping

Electronic20
Spotlight

Hi Community,

I need to configure DHCP snooping on a switch and I have these commands:

globally:
ip dhcp snooping
ip dhcp snooping vlan 10,20

per interface:
ip dhcp snooping trust

But there is a problem: I can set "ip dhcp snooping trust" on the interface knowing that this host is a user, but what happens if that user enables DHCP? Then he will be able to assign IPs to the other hosts. Faced with this problem, how can I fine-tune my DHCP snooping configuration?

Please support me by providing recommendations.

 

 


8 Replies

@Electronic20 hi, check the link below for a DHCP snooping guide. Ports which are connected to the DHCP server and trunk ports need to be configured as trust ports. Do not configure client-connected interfaces as trust.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Hi @Kasun Bandara 

Of course, this is how the configuration should be, but I had a case with some switches that I configured as you indicate, and the client ports did not obtain an IP through DHCP. I had to put "ip dhcp snooping trust" on them just so that they could obtain DHCP.

Why could that have happened?

@Electronic20 maybe the VLANs of those interfaces are not properly configured for snooping. Can you share the config related to VLAN, snooping and trunks here?


Hi @Kasun Bandara,

I send the configuration:

ip dhcp snooping
ip dhcp snooping vlan 10,20

interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
spanning-tree portfast edge
ip dhcp snooping trust

interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
ip dhcp snooping trust

At the connectivity and VLAN level, everything is in order.

As additional information, I am testing it in a simulator.

Awaiting your kind comments.

@Electronic20 for interface GigabitEthernet0/2, you don't need the trust command. I assume that is connected to a PC. Which port is connected to the DHCP server?


Hi, @Kasun Bandara 

DHCP server:

interface GigabitEthernet0/10
switchport access vlan 30
switchport mode access
ip dhcp snooping trust

As I indicated, I must put "ip dhcp snooping trust" on the user interface so that it can obtain an IP. I'm simulating it in EVE-NG.

Why is this happening? I see that all the configuration is fine.

@Electronic20 hi, check the guide below, which has a good explanation. In that case this may be an issue with your simulation. Try some other tool like GNS3.

The trust command is only to be used on the DHCP server interface.

https://www.pearsonitcertification.com/articles/article.aspx?p=2474170

Thank you @Kasun Bandara
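
An audit of the configuration posted in this thread, added here as an example (it is not code from any poster or from Cisco). It flags access ports that carry "ip dhcp snooping trust" without being on an allowlist of DHCP server ports, and access ports whose VLAN is missing from the "ip dhcp snooping vlan" list. The `server_ports` allowlist and the finding names are assumptions of this example.

```python
import re

# Snooping-relevant lines of the config posted in the thread
# (Gi0/2 = user PC, Gi0/1 = trunk, Gi0/10 = DHCP server).
CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
 ip dhcp snooping trust
interface GigabitEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
interface GigabitEthernet0/10
 switchport access vlan 30
 switchport mode access
 ip dhcp snooping trust
"""

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '10,20' or '10-12,20' into a set."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, server_ports):
    """Return sorted (interface, finding) pairs; server_ports is a hypothetical allowlist."""
    snooped, ports, current = set(), {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", line):
            snooped |= parse_vlan_list(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", line):
            # An access port with no explicit VLAN stays in the default VLAN 1.
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1, "trust": False})
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            current["vlan"] = int(m.group(1))
        elif line == "ip dhcp snooping trust":
            current["trust"] = True
    findings = []
    for name, p in ports.items():
        if p["mode"] == "access" and p["trust"] and name not in server_ports:
            findings.append((name, "trusted-client-port"))  # client could answer DHCP
        if p["mode"] == "access" and p["vlan"] not in snooped:
            findings.append((name, "vlan-not-snooped"))  # snooping not enforced here
    return sorted(findings)
```

Calling `audit(CONFIG, {"GigabitEthernet0/10"})` reports the trusted user port GigabitEthernet0/2 and notes that VLAN 30 on the server port is outside the snooped VLAN list.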
