02-21-2013 05:42 AM - edited 03-07-2019 11:51 AM
Hi,
Can anyone help me and verify my configuration?
My customer has the following topology. They have thousands of remote sites like this. all have 1 adsl and mpls router, they are running hsrp, mpls is the primary. DHCP servers in the head quaters, 1 for voice and 1 for data on each site.
I went through several dhcp documentation, but i'm still confuse about my configuration.
I set all the trunk links on the branch switches as trust, as primary host can reach the servers via the mpls router, but in case of failure of that device they would need to use adsl routers.
dhcp servers are not on IOS.
questions:
- is my configuration correct?
- do i need to care about any other configuration option?
Thanks,
Eva
02-21-2013 05:52 AM
hello
any switch that had dhcp clients apply snooping
trust all interconnected switch links with snooping enabled on
also the link to where your dhcp server is located or originates from
res
paul
02-21-2013 05:56 AM
Hi Paul,
Thanks for the confirmation. this is how i understood from the documentation.
Regards,
Eva
02-21-2013 06:00 AM
One more question. What about option 82? As i understand i don't need to care about it as the dhcp servers aren't running on an IOS device, and generally the default settings is correct. Am I right?
02-21-2013 06:01 AM
Hello,
If your dhcp servers don't support option 82 then NO, however...
When dhcp snooping is enabled on certain switches ( i think 3550's 3560') By default this option 82 is enabled ( sh ip dhcp snooping) and the giaddr is set to zero ( this is the gateway ip address, usually the svi of the ip helper address) But cisco IOS of these switches is designed to drop any dhcp packets with a giaddr of zero
I think this is only applicable when these switches with dhcp snooping enabled are between the dhcp clients and dhcp relay
This can be rectified by appling:
ip dhcp relay information trust all (Global)
ip dhcp relay information trusted (interface)
The ramifications of the global command sets to all interfaces to be trusted to allow relay messages through.
( I am open to feedback on my interruptation of this option 82 the (ip dhcp relay information trust command)
res
Paul
please dont forget to rate any posts they may have helped
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide