DHCP Snooping C9300 switch acting as a DHCP server

davparker
Level 1

We have a managed router solution on our WAN. We don't have direct access to the router, configs, logs, etc. (Inherited this design).

MRS <-> C9300 (layer3)

At each location the C9300 switch is also configured as the DHCP server.

At one location, the provider's MRS router suddenly started handing out DHCP addresses for some clients. DNS and GW are all wrong. The router uplink is in the same VLAN as the office desktops. DHCP should not be enabled on the MRS router. There are plenty of available addresses in the DHCP pool.

While waiting for the provider to respond to the ticket, I thought I might enable DHCP Snooping with no trust port specified given the local switch hands out the DHCP leases. I'm thinking this would prevent the switch from forwarding requests to the router while leaving the switch to hand out leases.

Does this seem reasonable?

I'm not on-site, no techs. Want to get it right the first time.

Thanks - David

Accepted Solutions

Reza Sharifi
Hall of Fame

It seems reasonable but you may not save the config and have someone reload the switch in case something goes wrong. Other than that

ip dhcp snooping

ip dhcp snooping vlan x

inter gi1/x/x (this is the interface connected to the provider's router)

no ip dhcp snooping trust

to verify:

sh ip dhcp snooping 

And since the switch itself hands out IP directly to users, there is no need for the "trusted" command.

HTH
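
Added example, not part of the original thread and not Cisco's implementation: a small Python model of the one DHCP snooping check this plan relies on, namely that server-originated messages (OFFER, ACK, NAK) arriving on a port that is not trusted are dropped while client messages pass. It also pulls the server ID, router and DNS options out of the dropped packet, which is the evidence to attach to the provider ticket. The port names, addresses and the `build` helper are constructed for illustration; the model covers only this check, not the binding table or rate limiting.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # messages only a server sends

def parse_options(pkt: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:                          # end option
            break
        if code == 0:                            # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ips(raw: bytes) -> list:
    """Decode an option value holding one or more IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def snoop(port: str, pkt: bytes, trusted_ports: set) -> dict:
    """Drop server messages received on a port that is not trusted."""
    opts = parse_options(pkt)
    mtype = (opts.get(53) or b"\x00")[0]         # option 53 = DHCP message type
    dropped = mtype in SERVER_TYPES and port not in trusted_ports
    return {"port": port, "verdict": "drop" if dropped else "forward",
            "type": SERVER_TYPES.get(mtype, "client"), "server": ips(opts.get(54, b"")),
            "router": ips(opts.get(3, b"")), "dns": ips(opts.get(6, b""))}

def build(mtype: int, **opts) -> bytes:
    """Constructed sample payload (not a capture); opts like o54='192.0.2.1'."""
    body = bytes([2 if mtype in SERVER_TYPES else 1, 1, 6, 0]) + bytes(232)
    body += MAGIC + bytes([53, 1, mtype])
    for code, addr in opts.items():
        body += bytes([int(code[1:]), 4]) + ipaddress.IPv4Address(addr).packed
    return body + b"\xff"

if __name__ == "__main__":
    # Constructed OFFER as it would arrive from the provider router's uplink port.
    rogue = build(2, o54="192.0.2.1", o3="192.0.2.1", o6="192.0.2.53")
    print(snoop("uplink", rogue, trusted_ports=set()))
```

With an empty trusted set, the constructed OFFER on the uplink is dropped and a client DISCOVER on an access port is forwarded; adding the uplink to `trusted_ports` shows what trusting that port would let through.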

 
