hi mark

k275972560 · ‎07-25-2016

Hello, everyone

I build a lab this morning to test dhcp snooping, Sw1 is access Layer and must have DHCP snooping enabled, SW2 is aggregation layer and no DHCP snooping, VLAN100 is user vlan, and Vlan 200 is servers Vlan.

Dhcp snooping is working well when SW2 have no SVIs up, and pc1 get the ip address. but here is my problem, pc1 cannot get IP any more after the SVIs in SW is up. I have learnt that DHCP snooping is a Layer 2 measure, so what to do if i need DHCP snooping with SVIs up on SW2?

any explain will be appreciated.

-----------------------------------------------------------------

DHCP:

ip dhcp excluded-address 10.1.100.1

ip dhcp pool v100
network 10.1.100.0 255.255.255.0
default-router 10.1.100.1

interface Ethernet0/0
ip address 10.1.200.254 255.255.255.0

router eigrp 1
network 0.0.0.0

SW1

ip dhcp snooping vlan 100
ip dhcp snooping

interface Vlan100
ip address 10.1.100.1 255.255.255.0
ip helper-address 10.1.200.254

router eigrp 1

network 0.0.0.0 0.0.0.0

int e0/0

switchport mode access

swi ac vl100

int e3/0

swi tru en do

swi mode trunk

vlan 100,200

SW2

vlan100,200

int e0/0

swi mo ac

swi ac vl 200

int e3/0

swi tru en d

swi m tru

Mark Malone · ‎07-25-2016

Hi

On a routed SVI you don't require any dhcp snooping commands as its a layer 2 security feature , is that sw2 working as layer 2 or 3 ? if its layer 2 you shouldn't have multiple SVIs on it as only a mgmt. SVI is really required for reachability

k275972560 · ‎07-26-2016

hi mark

no, i don't configure dhcp snooping on a L3 port. in my lab, SW2 is a l3 switch, I was using simulator, I found it even in a same configuration, DHCP snooping react differently in differ virtual IOS, so i guess i need find more information about it and use a real switch evirement. thank you.

DHCP snooping, can anyone explain what SVI interfaces have to do with snooping