
DHCP snooping on 6500 that's running DHCP pools

jack.leung
Level 1

I want to enable DHCP snooping on the 6500 but I also don't want it to block the 6500 itself from being a DHCP server. Is there anything special I need to do? I plan to put in the rate limit on all interfaces with nothing Trusted since there are no physical DHCP servers connected to any interface.

5 Replies

johnspaulding
Level 1

Are there any trunk links connecting to other switches (that are in the broadcast domain where snooping is enabled)? You will have to trust those links or you will run into problems. If the switch itself is the DHCP server for that VLAN where snooping is enabled, then you will be fine. Let me know if you need more information.

Yes, I plan on making the uplinks to the other access switches trusted. I also have a couple of FastEthernet blades on the 6500 that users connect to directly as well.

If you trust the uplink ports, then you will be fine.

Just a point of clarification that I had a hard time understanding at first: you only have to trust L2 uplink ports; if you're using IP Helper commands, you do NOT have to trust uplinks!

I realize this gets more confusing in a 'blended' L2/L3 design. If you're running a traditional "route at the distribution, switch to the access" method, then you need to trust on the uplinks between the distribution and access.

If you've got L3 pushed towards the edge, and the DHCP server exists someplace 'off net', and all hops are purely L3, you don't need to trust any ports.

Similarly, if the DHCP server is the LOCAL switch, you don't need to enable any trust.

If the DHCP server is the DISTRIBUTION switch, and you've got L2 uplinks to the access, you'll need to trust the UPLINK ports, but no special configuration would otherwise be required on the distribution switch.

You are correct....
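
The layout discussed in this thread, written out as an added configuration sketch; it is not taken from any poster's switch. The VLAN number, interface names and the 15 packets-per-second limit are assumptions chosen for illustration.

```cisco
! Constructed example. VLAN 10, all interface names and the rate value
! are assumptions, not values from the thread.
!
! --- 6500: distribution switch that hosts the DHCP pools for VLAN 10 ---
ip dhcp snooping
ip dhcp snooping vlan 10
!
! L2 trunk down to an access switch: trusted, as the thread advises.
! Filtering of the users behind it is then done by the access switch's
! own untrusted edge ports.
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip dhcp snooping trust
!
! Users patched directly into the FastEthernet blades: left untrusted
! (the default) and rate limited. A port that exceeds the limit is
! err-disabled, so size the value for legitimate client traffic.
interface range FastEthernet3/1 - 48
 switchport
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! --- Access switch: L2 only, DHCP server is the 6500 upstream ---
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Uplink toward the 6500: must be trusted, because the server's
! OFFER and ACK messages arrive on this port.
interface GigabitEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
! Edge ports: untrusted and rate limited. Server-type DHCP messages
! received here are dropped.
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
```

After applying it, `show ip dhcp snooping` lists the trusted ports and rate limits, and `show ip dhcp snooping binding` should fill with client leases as they renew.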
