dhcp snooping

kulinski
Level 1

Hi together,

I've a design problem with DHCP snooping.

When I've all the users connected to access switches and routing defined on the distribution switches there is no problem, because I can use the "ip dhcp relay information trusted" command on the VLAN interfaces of the distribution switches to get it working.

The problem occurs when I also have users connected to the distribution switch.

When enabling DHCP snooping all the DHCP relay commands are refused by default.

So all the users at the access switches aren't provided with DHCP any more.

So how can I get DHCP snooping working for both, users at access switches and users at distribution switches, at the same time?

Accepted Solutions

Craig Balfour
Level 1

In our network we have DHCP snooping working without using "ip dhcp relay information trust".

To configure DHCP snooping we basically trust all links between switches (trunks) and don't trust anything connected to an access port (except the DHCP server).

All you should need to do is the following:

1. On all of your switches enable DHCP snooping as follows:

ip dhcp snooping

ip dhcp snooping vlan 1 4094

2. On your distribution switch:

a) Configure "ip dhcp snooping trust" on all of the ports to which your access switches are connected.

b) Configure "ip dhcp snooping trust" on the port to which your DHCP server is connected, or, if it is not connected to the distribution switch, configure "ip dhcp snooping trust" on the uplink that links to the DHCP server (e.g. your core switch).

3. On your access switches:

a) Configure "ip dhcp snooping trust" on the ports connected to your distribution switch.

Thanks for your help.

That's exactly what I was looking for :-)
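
The trust layout from the accepted solution can be checked against a saved running-config. The script below is an added example, not part of the original thread: it flags trunk ports that lack "ip dhcp snooping trust" and access ports that have it. The interface names, the sample config, the `server_ports` parameter and the assumption that every `switchport mode trunk` port is an inter-switch link are all illustrative.

```python
import re

# Constructed sample: a distribution switch that also has users attached.
# Interface names and descriptions are assumptions for illustration.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 1 4094
!
interface GigabitEthernet1/0/1
 description uplink to core (path to DHCP server)
 switchport mode trunk
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
 description downlink to access switch
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 description user port
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/11
 description user port
 switchport mode access
"""

def audit_snooping(config, server_ports=()):
    """Return (port, issue) pairs where trust differs from: trunks trusted, access ports not."""
    findings = []
    if not re.search(r"^ip dhcp snooping\s*$", config, re.M):
        findings.append(("global", "'ip dhcp snooping' is not enabled"))
    # Each stanza is the interface name plus the indented lines beneath it.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        trusted = "ip dhcp snooping trust" in lines
        if "switchport mode trunk" in lines and not trusted:
            findings.append((name, "trunk port without 'ip dhcp snooping trust'"))
        elif "switchport mode access" in lines and trusted and name not in server_ports:
            findings.append((name, "access port with 'ip dhcp snooping trust'"))
    return findings

if __name__ == "__main__":
    for port, issue in audit_snooping(SAMPLE_CONFIG):
        print(f"{port}: {issue}")
```

Pass the port where the DHCP server is attached in `server_ports` so that the one trusted access port the answer allows is not reported.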