cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
240
Views
0
Helpful
1
Replies

DHCP Snooping C9300 switch acting as a DHCP server

davparker
Level 1
Level 1

We have a managed router solution on our WAN. We don't have direct access to the router, configs, logs, etc. (Inherited this design).

MRS <-> C9300 (layer3)

At each location the C9300 switch is also configured as the DHCP server.

At one location, the provider's MRS router suddenly started handing out DHCP addresses for some clients. DNS and GW are all wrong. The router uplink is in the same VLAN as the office desktops. DHCP should not be enabled on the MRS router. There are plenty available addresses in the DHCP pool.

While waiting for the provider to respond to the ticket, I thought I might enable DHCP Snooping with no trust port specified given the local switch hands out the DHCP leases. I'm thinking this would prevent the switch from forwarding requests to the router while leaving the switch to hand out leases.

Does this seem reasonable?

I'm not on-site, no techs. Want to get it right the first time.

Thanks - David

1 Accepted Solution

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

It seems reasonable but you may not save the config and have someone reload the switch in case something goes wrong. Other than that

ip dhcp snooping

ip dhcp snooping van x

inter gi1/x/x (this is the interface connected to the provider's router)

ip dhcp snooping untrusted

to verify:

sh ip dhcp snooping 

And since the switch itself hands out ip directly to users, there is no need for the "trusted" command.

HTH

 

View solution in original post