Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
995
Views
0
Helpful
2
Replies

DHCP Snooping on the LAN

belal.sadozai
Level 1
Level 1

‎03-25-2010 09:10 AM - edited ‎03-06-2019 10:19 AM

Dear all,

Have question about DHCP snooping, wanted to enable this feature to our LAN. here is below our LAN infrastructure:

2x 6500 as core switches L2/L3

2x6500 as access switches for server farms L2

50x3750 as access switches for users

All access switches are connected to the both 6500 core switches with redundant links

As I understood I have to enable first ip dhcp snooping to all those switches even on the core switches. And all access switches 6500 and 3750

After that I have to enable ip dhcp snooping trust to every uplinks

And finally have to enable ip dhcp snooping on the specific vlans that I want this feature.

So my question is:

Why have I to enable ip dhcp snooping to the four 6500 switches, if I enable ip dhcp snooping to only 3750 access switches for users and trust all uplink to the core switches, why this features doesn’t works ?

I probably missed some thing but I cannot find the answer on the Cisco site.

So thanks in advance for your help.

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-25-2010 10:19 AM

Hello Belal,

your understanding is correct.

>> Why have I to enable ip dhcp snooping to the four 6500  switches, if I enable ip dhcp snooping to only 3750  access switches for users and trust all uplink to the core switches,  why this features doesn’t works ?

if DHCP is enabled only on the Vlans used on the access layer C3750 you can and you should enable DHCP snooping only at the access layer.

Likely vlans used in server farms don't use DHCP services (I would expect IP addresses to be statically configured on servers)

the risk is to waste cpu resources on devices that likely will never process DHCP requests of PCs directly connected to their ports.

There are some older threads about a similar scenario.

Hope to help

Giuseppe

0 Helpful

belal.sadozai
Level 1
Level 1
In response to Giuseppe Larosa

‎03-30-2010 05:45 AM

Hello giuslar,

Thanks for your answer, but I don’t really understand your explanation, I have all access switches 3750 L2 so there is no VLAN on those Switches, all vlan SVI are on the core switches 6500 and the two other 6500 are also only L2 for server farm. So my question is in this case why I have to enable snooping to all 6500? if I enable ip dhcp snooping to all my access switches 3750 and trust uplinks to both core, this should work according to cisco docs?

See attached file.

Thanks

Preview file
312 KB
0 Helpful
Customers Also Viewed These Support Documents