04-12-2023 02:29 AM
Hi Guys
We are looking at switching on dhcp snooping on our edge switches.
My question is, does dhcp snooping need to be enabled on every switch, or can it work on individual isolated switches?
For example, we have server switches where the DHCP server sits, a core and some edge switches. Will it cause us any issues if we just enable it on the edge switches only?
cheers
04-12-2023 02:56 AM
Hi,
It is normally enabled on edge/access switches, where connected devices can result in DHCP-based problems. End devices are not connected to core, distro or DC switches, so you don't need to enable it on them.
Just note that when you enable DHCP snooping on Cisco, the switch inserts option-82, but this is ignored on upstream switches (even when no snooping is enabled on the upstream distro/core switch). That's why you should either disable option-82 insertion (it does not cause problems if your DHCP environment does not use it) or allow this option on the upstream switch.
https://www.cisco.com/en/US/docs/general/Test/dwerblo/broken_guide/snoodhcp.html
04-12-2023 03:15 AM
Hello
DHCP snooping is an L2 security feature; as such it should be applied ONLY on the access edge switches. Also, by default ALL ports are untrusted, so you will need to trust the switch uplinks and of course the port where the DHCP server resides.
04-12-2023 04:00 AM - edited 04-12-2023 04:02 AM
You only need to enable it on the access SW which directly connects to the hosts.
Other SW: no need.
BUT the link from the access SW to the other SW must be configured as trust if the DHCP server connects to the other SW,
or
untrust if the DHCP server is not connected there and instead connects directly to the access SW.
Note: no need to disable op-82 if the other SW does not run DHCP snooping.
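A small audit script, added here as an example and not posted by anyone in the thread, that checks a saved IOS running-config against the advice above: snooping enabled globally with VLANs listed, uplink and DHCP-server ports trusted, and option-82 insertion disabled. The config text, interface names and uplink list are constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample access-switch config (not from the thread). Gi1/0/48 is the
# uplink towards the core, behind which the DHCP server sits; it is NOT trusted yet.
SAMPLE_CONFIG = """
ip dhcp snooping
ip dhcp snooping vlan 10,20
no ip dhcp snooping information option
!
interface GigabitEthernet1/0/1
 description user port
 switchport access vlan 10
!
interface GigabitEthernet1/0/48
 description UPLINK to core
 switchport mode trunk
!
"""

def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [its indented config lines, stripped]}."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None          # '!' or a global line ends the block
    return interfaces

def audit_snooping(config: str, uplinks: List[str]) -> List[str]:
    """Findings for an access switch: uplinks (and any DHCP-server port passed in
    uplinks) must be trusted; option-82 insertion should be off unless the
    upstream device is configured to accept it."""
    findings = []
    global_lines = {l.strip() for l in config.splitlines() if not l.startswith(" ")}
    if "ip dhcp snooping" not in global_lines:
        return ["DHCP snooping is not enabled globally"]
    if not any(re.match(r"ip dhcp snooping vlan \S+", l) for l in global_lines):
        findings.append("no VLAN listed under 'ip dhcp snooping vlan'")
    if "no ip dhcp snooping information option" not in global_lines:
        findings.append("option-82 insertion still on: disable it, or configure "
                        "'ip dhcp snooping information option allow-untrusted' upstream")
    ifaces = parse_interfaces(config)
    for name in uplinks:
        if "ip dhcp snooping trust" not in ifaces.get(name, []):
            findings.append(f"{name} is an uplink but lacks 'ip dhcp snooping trust'")
    return findings
```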