10-09-2013 03:00 AM - edited 03-07-2019 03:55 PM
Hello,
I have enabled IP DHCP snooping on 2 switches that are connetced to each other via an etherchannel using 2 ports. On switch 1 it has the DHCP pool, but users on the 2nd switch couldn't get DHCP addresses eventough I added the "ip dhcp snooping trust" command on both pots in the ehterchannel either side and the "no ip dhcp snooping information option".
What fixed it was adding the "ip dhcp snooping trust" commad on the port channel which I have never had to do before is this normal?
Thanks
10-09-2013 03:16 AM
Hi Andy,
in simple terms, DHCP snooping allows a (edge)port to receive DHCP client traffic, which is Discover, Request, Release, Inform.
Received DHCP server traffic like Offer and Ack is dropped by DHCP snooping by default in order to prevent from rogue DHCP servers, so the real serverport(s) and the uplinks as well have to be trusted in order to allow DHCP server traffic (as the uplinks receive client- and server traffic).
HTH
Rolf
10-09-2013 03:32 AM
What fixed it was adding the "ip dhcp snooping trust" commad on the port channel which I have never had to do before is this normal?
Yes. When you do a "show mac address-table" you'll see that MAC-addresses are learned on the port-channel interface, no on the physical member-ports.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide