Showing results for 
Search instead for 
Did you mean: 

DHCP Snooping in a switch that is the DHCP server as well

Hi everyone,

I'm working on the configuration of IP DHCP snooping and DAI on some of the customer´s branch offices, I've found a lot of information in guides and blogs and so but my deployment is quite different of the traditional approaches that those guides show.

I have a Metro-E connecting some 3850 Switches in Stack that work as the core switches for each branch office. Those switches are the DHCP servers as well for each location. I totally understand DHCP snooping and how to configure it in all my Access switches (typically 2960 and 3560), my question is regarding the utilization of the following two commands into my Core Switch and if I should configure this one with DHCP Snooping ( I think I should). 

1. ip dhcp snooping information option allow-untrusted

As I understand this command is used into the switches in order to permit the packets with option-82 enabled in any untrusted port. So I need it because at the core I will received a bunch of packets with this option because of the Access Switches.

2. ip dhcp relay information trust-all

I've read that this command is usually used in IOS routers (where the DHCP service is configured) in order to allow any packet with the very same option 82.

In my case, as there is no router and the Core Switch is the DHCP server should I use both commands or with the 1.  would be enough?? please justify your answer in order to totally understand these features.


Best Regards,

CreatePlease to create content
Content for Community-Ad