01-05-2021 08:21 AM
If i have more than one vlan on switch can i make ip dhcp snooping on only one vlan of them and all another vlan on switch can take ip from my dhcp server or not for example :
#ip dhcp snooping
#ip dhcp snooping vlan 8
#interface f0/0
#ip dhcp snooping trust
This config make client in vlan 8 take ip from trusted port but in the same switch have vlan12 the question vlan 12 can take ip or not
Solved! Go to Solution.
01-06-2021 06:20 PM
I am so sorry but this is bug,
see attachment
sorry but you need to allow vlan for dhcp snooping.
01-05-2021 08:47 AM
only VLAN 8 will be enabled for DHCP snooping, if other VLAN need to get IP from DHCP, then you need to use DHCP helper address
01-05-2021 01:36 PM
Enable dhcp helper for vlan 12 only??
I make no ip dhcp snooping info option in configuration mode
01-05-2021 03:02 PM
Like this
#interface vlan 12
#ip dhcp relay information
01-05-2021 10:56 AM
Hello
I would say if you have multiple vlans participating in dhcp then enabling snooping for all of them is recommended
If you dont enable dhcp snooping for a particular vlan it wont negate any client from obtaining a lease on that vlan, it will mean that lease wont be recorded in the dhcp snooping binding table so it can be used to secure that particular host port from rouge dhcp packets originating from it.
01-05-2021 11:12 AM
U recommend this or mean if i apply dhcp snooping on vlan 8 for examle and on the same switch ihave vlan 12 but dosnot apply dhcp snooping client on this vlan can take ip or not
01-05-2021 01:03 PM
Hello
As stated its recommended to enable snooping for all active dhcp vlans, However if you do not enable it for specific vlan, it wont negate any client on that vlan from being allocated a dhcp lease
01-05-2021 01:18 PM
Ok now ihave vlan 8 and 12
When i apply snooping for vlan 8 vlan 12 cant take ip from dhcp server but when i make snooping for vlan 8 and 12 vlan 12 can take ip what is the problem
01-05-2021 01:54 PM
Hello
Curious - As a test on the access-port that is in vlan 12 that doesn't have snooping enabled, trust that interface and see it the host then receives a dhcp allocation
01-05-2021 03:12 PM
I suspect of option 82 which is enable by default,
disable this option if you can.
01-05-2021 03:14 PM
Imake it
#no ip dhcp snooping info option
In global mode
01-05-2021 03:19 PM
Ihave 2 vlans 8 and 12
I apply snoop for vlan 8 only
#ip dhcp snoop
#ip dhcp snoop vlan 8
#interface f0/0
#ip dhcp snoop trust
#no ip dhcp info option
This for vlan 8
Vlan 12 dont apply snoop when client in vlan 12 try to take ip dosnot work client take apipa after apply snoop for vlan 12 client can take ip
01-05-2021 03:24 PM
ok let work in other direction enable and option and also allow-untrusted
ip dhcp snooping inf option allow-untrusted
01-05-2021 03:27 PM
What this command make
01-05-2021 03:39 PM
the issue is in DHCP server it receive two DHCP message one from that apply snooping and op 82 and other from the that you don't want,
so there server must decide to accept this or not.
what DHCP server you use ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide