10-31-2017 07:39 AM - edited 03-08-2019 12:34 PM
Hi all,
I have a Layer 3 switch where I am going to define the network on multiple SVIs, and it will work as a DHCP server. I have multiple switches which will connect directly to the L3 switch. I would like to implement IP DHCP snooping to avoid any rogue DHCP server. Similar topology attached for reference.
10-31-2017 08:07 AM
10-31-2017 09:45 AM - edited 10-31-2017 10:15 AM
Hi
If the L3 switch will have the DHCP scopes for all the VLANs, you have to configure DHCP snooping on the access switches only. The configuration should be:
ip dhcp snooping
ip dhcp snooping vlan A,B,C,D..Z (include only the VLANs that should work under DHCP snooping; this enables the feature on those VLANs)
no ip dhcp snooping information option
interface range f0/1-48
 description >>>END USERS<<<
 ip dhcp snooping limit rate 20 (recommended less than 100)
interface g0/1
 description >>>TRUNK<<<
 ip dhcp snooping trust
** ip dhcp snooping trust is configured on the interface facing the distribution or core device only.
Hope it is useful
:-)
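The settings listed in the reply above can be checked mechanically against an access switch's running-config. The following is an added example, not part of any post in this thread; the sample config is constructed, the helper names `parse_interfaces` and `audit` are hypothetical, and it assumes every port in trunk mode is an uplink toward the DHCP server.

```python
import re

# Constructed sample running-config for an access switch (not from the thread).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
no ip dhcp snooping information option
interface FastEthernet0/1
 switchport mode access
 ip dhcp snooping limit rate 20
interface FastEthernet0/2
 switchport mode access
 ip dhcp snooping trust
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return interfaces

def audit(config):
    """Check a config against the DHCP snooping settings listed in the thread."""
    findings = []
    globals_ = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if "ip dhcp snooping" not in globals_:
        findings.append("global: DHCP snooping not enabled")
    if not any(l.startswith("ip dhcp snooping vlan ") for l in globals_):
        findings.append("global: no VLANs selected for snooping")
    for name, cmds in parse_interfaces(config).items():
        trusted = "ip dhcp snooping trust" in cmds
        trunk = "switchport mode trunk" in cmds  # assumption: trunk == uplink
        limited = any(c.startswith("ip dhcp snooping limit rate ") for c in cmds)
        if trunk and not trusted:
            findings.append(f"{name}: uplink trunk is untrusted, server replies are dropped")
        if not trunk and trusted:
            findings.append(f"{name}: access port is trusted, a rogue server here is not blocked")
        if not trunk and not trusted and not limited:
            findings.append(f"{name}: access port has no DHCP rate limit")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the trusted access port and the untrusted trunk; an untrusted uplink also produces the symptom of clients behind the access switch never receiving a lease.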
11-03-2017 03:09 AM
Hi Julio,
Yes, the L3 switch will have the DHCP scopes. Should I make both trunk interfaces trusted?
11-03-2017 04:09 AM
Hi
The trunk interfaces on the access switches must be configured as ip dhcp snooping trust only.
DHCP snooping is not required on the distribution switch; it must be implemented on the access switches only.
Hope it is useful
:-)
11-08-2017 01:52 AM
Hi Julio,
I have tried this as you suggested in Packet Tracer, but it does not work as expected.
Are there any limitations in Packet Tracer with respect to this scenario?
Thanks
11-08-2017 02:44 AM
Hi,
Packet Tracer is a great simulator, but it has some limitations. Are you trying with the latest version of Packet Tracer?
11-09-2017 12:31 AM - edited 11-09-2017 12:33 AM
Hi Julio,
Initially I was trying with Packet Tracer version 6.1. Then I tried Packet Tracer version 7.0 as you suggested, but it does not work. Hosts which are connected to the L3 switch are getting DHCP addresses, but the hosts connected to the L2 switch are not getting DHCP IP addresses. It says "DHCP failed, APIPA is being used".
L2 switch configuration:
* Enabled IP DHCP snooping
* Enabled IP DHCP snooping per VLAN
* Configured no ip dhcp snooping information option
* Set the uplink trunk interface as ip dhcp snooping trust
What could be the issue?
Thanks
11-09-2017 05:02 AM
Hi,
Your steps are right. Could you please provide me the config from the core switch and from an access switch so I can verify it?
Thank you in advance.
11-09-2017 08:34 PM
11-09-2017 08:34 PM
11-13-2017 09:25 PM
Hello Julio,
Have you seen the config files?