
More DHCP Snooping Questions

Mike Mott
Level 1

I have a lot of work to do to get snooping working. One question that I have is:

If I am working on a network of, say, 10 2960G switches (1 primary or distribution switch and 9 secondary or access switches) and I have ports in a given VLAN, let's say VLAN 195. These ports are on the primary switch as well as access layer switches 8 & 9. They do not exist on any other switches in between.

Do I have to add the statement ip dhcp snooping vlan 195 to those switches in this network that do not have any ports in vlan 195? Or can I simply add the command on the primary switch and the access layer 8 & 9?

Thanks in advance for your effort in this regard

Mike Mott

4 Replies

esomarriba
Level 5

Hi Mike,

You should be fine enabling DHCP Snooping on your primary switch and access switches 8 and 9. If you start assigning ports with VLAN 195 on different switches you need to enable DHCP Snooping on those switches.

The One Thing to Always Remember with DHCP Snooping!

Very Important!

  • If you do not have a binding table entry, you will not allow traffic from that port with these features enabled.
  • Users get grumpy when this happens
  • Would be wise to make sure you have a binding table

HTH,

//Elyinn.-

Could you clarify the following comments for me?

  • If you do not have a binding table entry, you will not allow traffic from that port with these features enabled.
  • Would be wise to make sure you have a binding table

The only thing that I understand regarding the binding table is that once snooping is configured down to the access switch level, I can use show ip dhcp snooping binding to see if users are getting IPs or not. My configurations look something like this:

CORE

globally= nothing here

int Vlan 195= ip dhcp relay information trusted

DISTRIBUTION

globally

ip dhcp snooping vlan 195

ip dhcp snooping information option allow-untrusted

ip dhcp snooping

int g0/48 (uplink trunk) ip dhcp snooping trust

ACCESS

globally

ip dhcp snooping vlan 195

ip dhcp snooping

Once configured, I would use sho ip dhcp snooping to verify configuration, and then show ip dhcp snooping binding to ensure that users are getting IPs.

Thank You again for your attention to this issue.

Mike
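
Added example, not part of any post in this thread: a Python sketch of the binding-table check discussed above, comparing `show ip dhcp snooping binding` output against the access ports expected to carry DHCP clients in VLAN 195. The sample output, the port list and the function names are constructed for illustration.

```python
import re

# Constructed sample of `show ip dhcp snooping binding` output (not from the thread).
SAMPLE_OUTPUT = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:55   10.1.195.21      86011       dhcp-snooping   195  GigabitEthernet0/1
00:11:22:33:44:66   10.1.195.22      85920       dhcp-snooping   195  GigabitEthernet0/2
00:11:22:33:44:77   10.1.10.30       43100       dhcp-snooping   10   GigabitEthernet0/7
Total number of bindings: 3
"""

# One binding row: MAC, IP, lease, type, VLAN, interface.
BINDING_RE = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<lease>\d+|infinite)\s+"
    r"(?P<type>\S+)\s+"
    r"(?P<vlan>\d+)\s+"
    r"(?P<interface>\S+)\s*$"
)

def parse_bindings(text):
    """Return one dict per binding row; header, rule and total lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = BINDING_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["vlan"] = int(row["vlan"])
            rows.append(row)
    return rows

def ports_without_binding(text, vlan, expected_ports):
    """Ports expected to carry DHCP clients in `vlan` that have no binding entry."""
    bound = {r["interface"] for r in parse_bindings(text) if r["vlan"] == vlan}
    return sorted(set(expected_ports) - bound)

if __name__ == "__main__":
    # Hypothetical list of in-use access ports in VLAN 195 on this switch.
    expected = ["GigabitEthernet0/1", "GigabitEthernet0/2", "GigabitEthernet0/3"]
    for port in ports_without_binding(SAMPLE_OUTPUT, 195, expected):
        print(f"no DHCP snooping binding in VLAN 195 on {port}")
```

A host with a statically assigned address never gets a learned binding, so its port is reported here as well unless a static binding has been configured for it.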

cadet alain
VIP Alumni

Hi,

You can enable it on the distribution switch only. Just make sure the port(s) going to DHCP server(s) are trusted ports by enabling the ip dhcp snooping trust command under the interface(s). All this of course if the DHCP server(s) are accessible via the distribution switch; if the switch is also the DHCP server, so no need for the last command.

Just take care also, if your DHCP server is IOS related, to disable option 82 if your switch is also a DHCP relay by issuing the following command:

no ip dhcp snooping information option

Regards.

Alain.

Don't forget to rate helpful posts.