cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

DHCP snooping configuration

tverhoeven
Beginner
Beginner

I have a 4500x at the core.  My dhcp server is connected here and then I have client 2960x switches.  I am seeing "bad address" in a few scopes in my DHCP server.  Snooping is on and I am wondering does "trust need to be setup end to end?  From the port where the dhcp server is plugged in through all trunks to the client?

 

If that makes sense.

 

thanks

6 REPLIES 6

Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert

Hi,

It needs to be enabled on the access switches connecting to the core and also at the 4500x where the DHCP is connected.

 

HTH

Flavio Miranda
Advisor
Advisor

Hi

  DHCP snooping is a security feature aimed to avoid Rogue DHCP server. So, if that is a concern, make sense then you protec all the way down to the clients.  Otherwise, if you put is only on the access switch, your protection would be incomplete.

MHM Cisco World
Advisor
Advisor

are there any FW connect to Core SW ??
if yes then
disable proxy-arp 

on the core?

if there is any FW connect to core and it config with NAT, then the FW can reply to any ARP send from DHCP server for that subnet and this make client couldnot get ip from DHCP server.

Jitendra Kumar
Rising star
Rising star

DHCP BAD_ADDRESS occurs when the DHCP server is asked for an IP and it detects that the IP is in use. in the sense, that IP is already given out by the DHCP server or (rogue) DHCP server.

 

 

Thanks,
Jitendra
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: