Dhcp snooping binding on Layer 3 and layer 2 switch

mahesh18
Level 6

Hi everyone,

Need to confirm DHCP Snooping below.

Say DHCP snooping is enabled for VLAN 10 on both the layer 3 and the layer 2 switch.

Layer 3 switch is acting as DHCP server and it has trunk connection to layer 2 switch.

User PC connects to Layer 2 switch and gets IP from the layer 3 switch.

When I do sh ip dhcp snooping binding, should this command show bindings on both the layer 2 and the layer 3 switch?

As both have dhcp snooping enabled.

thanks

mahesh

6 Replies

Hello,

The snooping D/B will show all DHCP-related assignments and subnet allocation from the L2 switch from all untrusted ports, whatever VLAN they are in.

The trunked interface would have to be trusted so snooping is not enabled on that.

On the L3 switch, if you have access ports directly attached to this switch from DHCP, then the snooping D/B will show up also.

Have a look at Peter Paluch's post

https://supportforums.cisco.com/message/3381128#3381128

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

I have a PC connected to the layer 2 switch and it's getting an IP from layer 3, and I see the snooping database on both the layer 2 and layer 3 switch.

Is this normal behaviour?

Thanks

Mahesh

Hello mahesh,

I would say yes as snooping is enabled on both devices, BUT not sure why you would want to activate snooping on the distribution/core layer - do you have dhcp clients directly attached to these layers?

As long as the trunked link from the access switch is trusted and all access ports for the DHCP clients are set to untrusted, then I would say DHCP snooping is not required on the distribution/core layers.

res

Paul



Hi Paul,

The last thing to confirm: say users connect to 6 access layer switches, and each of these switches has a trunk connection to the main switch, and the main switch connects to the DHCP server.

Then we should only enable DHCP snooping on the access layer switches and mark the uplink ports as trusted ports, right?

Thanks

Mahesh

Hello Mahesh,

Yes, that is correct?

res

Paul



Hi Paul,

Many thanks for all the help.

Mahesh
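
The design the thread settles on, written out as an added Cisco IOS configuration example (not posted by anyone in the thread). VLAN 10 comes from the question; the interface numbers and descriptions are assumed for illustration.

```cisco
! Access (layer 2) switch: the only place snooping is needed in this design.
! Interface numbers below are assumptions, not taken from the thread.
!
! Enable DHCP snooping globally, then for the user VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Optional and not discussed in the thread: snooping inserts option 82 by
! default, and a DHCP server or an upstream snooping switch may drop requests
! that carry option 82 without a relay address. Disabling insertion on the
! access switch is one common way to avoid that.
no ip dhcp snooping information option
!
! Uplink trunk toward the layer 3 switch / DHCP server: trusted, so server
! replies (OFFER/ACK) arriving here are forwarded and no bindings are built.
interface GigabitEthernet0/1
 description Uplink trunk to layer 3 switch
 switchport mode trunk
 ip dhcp snooping trust
!
! User ports: untrusted is the default, so no trust command is configured.
! Server-type DHCP messages arriving on these ports are dropped, and client
! leases learned here populate the binding table.
interface range GigabitEthernet0/2 - 24
 description User access ports
 switchport mode access
 switchport access vlan 10
!
end
!
! Verification from exec mode:
!   show ip dhcp snooping            (enabled VLANs and trusted interfaces)
!   show ip dhcp snooping binding    (MAC, IP, lease, VLAN, interface per client)
```

With this layout the bindings appear on the access switch, against the untrusted user ports. A binding table on the layer 3 switch only appears if snooping is also enabled there and it sees the client traffic on an untrusted port.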
