DHCP snooping implementation question

evfodor
Level 1

Hi,

Can anyone help me and verify my configuration?

My customer has the following topology. They have thousands of remote sites like this. All have 1 ADSL and MPLS router, they are running HSRP, MPLS is the primary. DHCP servers in the headquarters, 1 for voice and 1 for data on each site.

Clipboard01.jpg

I went through several DHCP documents, but I'm still confused about my configuration.

I set all the trunk links on the branch switches as trusted, as primary host can reach the servers via the MPLS router, but in case of failure of that device they would need to use the ADSL routers.

DHCP servers are not on IOS.

Questions:

- Is my configuration correct?

- Do I need to care about any other configuration option?

Thanks,

Eva

4 Replies

Hello

Any switch that has DHCP clients, apply snooping

Trust all interconnected switch links with snooping enabled on

Also the link to where your DHCP server is located or originates from

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

Thanks for the confirmation. This is how I understood it from the documentation.

Regards,

Eva

One more question. What about option 82? As I understand, I don't need to care about it as the DHCP servers aren't running on an IOS device, and generally the default settings are correct. Am I right?

Hello,

If your DHCP servers don't support option 82 then NO, however...

When DHCP snooping is enabled on certain switches (I think 3550s, 3560s), by default this option 82 is enabled (sh ip dhcp snooping) and the giaddr is set to zero (this is the gateway IP address, usually the SVI of the IP helper address). But Cisco IOS on these switches is designed to drop any DHCP packets with a giaddr of zero.

I think this is only applicable when these switches with DHCP snooping enabled are between the DHCP clients and the DHCP relay.

This can be rectified by applying:
ip dhcp relay information trust-all (Global)
ip dhcp relay information trusted (interface)

The ramification of the global command is that it sets all interfaces to be trusted to allow relay messages through.

(I am open to feedback on my interpretation of this option 82 command, the ip dhcp relay information trust command.)

res

Paul

Please don't forget to rate any posts that may have helped.
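The combination described in the last reply (option 82 present while giaddr is still 0.0.0.0) can be checked on a captured DHCP message. The following Python script is an added example, not code from the thread or from Cisco; it assumes the RFC 2131 message layout, and `build_discover` with all of its field values is constructed sample input.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255


def parse_dhcp(payload: bytes) -> dict:
    """Return giaddr and the options of a DHCP message (UDP payload only)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    giaddr = socket.inet_ntoa(payload[24:28])  # relay agent address field
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {"giaddr": giaddr, "options": options}


def option82_without_relay(payload: bytes) -> bool:
    """True when option 82 is present but giaddr is still 0.0.0.0."""
    msg = parse_dhcp(payload)
    return OPT_RELAY_INFO in msg["options"] and msg["giaddr"] == "0.0.0.0"


def build_discover(giaddr: str, with_option82: bool) -> bytes:
    """Constructed sample DHCPDISCOVER; all field values are made up."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), bytes(4), bytes(4), socket.inet_aton(giaddr),
                         bytes.fromhex("020000000001"), b"", b"")
    opts = b"\x35\x01\x01"  # option 53: message type DISCOVER
    if with_option82:
        circuit_id = b"\x01\x06\x00\x04\x00\x0a\x01\x05"  # sub-option 1, constructed
        opts += bytes([OPT_RELAY_INFO, len(circuit_id)]) + circuit_id
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])
```

Feed `option82_without_relay` the UDP payload of a DHCP packet captured on the link between the snooping switch and the relay; a `True` result matches the case the reply describes.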